Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
NEW SHIPPING DOCUMENTS.exe

Overview

General Information

Sample name:NEW SHIPPING DOCUMENTS.exe
Analysis ID:1591638
MD5:10a2684aae3f75a984dc63506e8ed8dc
SHA1:99a1ef344d13f5b44f3b0526f44072154e30641b
SHA256:6f094aa75a8322555241fae3063c17075a6ed5166bfb41c9055c390278178d6b
Tags:exeuser-lowmal3
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious powershell command line found
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • NEW SHIPPING DOCUMENTS.exe (PID: 5552 cmdline: "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe" MD5: 10A2684AAE3F75A984DC63506E8ED8DC)
    • powershell.exe (PID: 6368 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6712 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\RvUJzKx.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 5356 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 5700 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • NEW SHIPPING DOCUMENTS.exe (PID: 7140 cmdline: "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe" MD5: 10A2684AAE3F75A984DC63506E8ED8DC)
  • RvUJzKx.exe (PID: 6492 cmdline: C:\Users\user\AppData\Roaming\RvUJzKx.exe MD5: 10A2684AAE3F75A984DC63506E8ED8DC)
    • schtasks.exe (PID: 6072 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RvUJzKx.exe (PID: 6820 cmdline: "C:\Users\user\AppData\Roaming\RvUJzKx.exe" MD5: 10A2684AAE3F75A984DC63506E8ED8DC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.stilbo.eu", "Username": "bogdan.hafner@stilbo.eu", "Password": "StilBO_#1"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000009.00000002.4586675330.000000000326B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000009.00000002.4586675330.000000000326B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Click to see the 11 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              9.2.NEW SHIPPING DOCUMENTS.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                        Click to see the 16 entries

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ParentImage: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe, ParentProcessId: 5552, ParentProcessName: NEW SHIPPING DOCUMENTS.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ProcessId: 6368, ProcessName: powershell.exe
                        Sigma detected: Powershell Defender Exclusion
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ParentImage: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe, ParentProcessId: 5552, ParentProcessName: NEW SHIPPING DOCUMENTS.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ProcessId: 6368, ProcessName: powershell.exe
                        Sigma detected: Suspicious Add Scheduled Task Parent
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\RvUJzKx.exe, ParentImage: C:\Users\user\AppData\Roaming\RvUJzKx.exe, ParentProcessId: 6492, ParentProcessName: RvUJzKx.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp", ProcessId: 6072, ProcessName: schtasks.exe
                        Sigma detected: Suspicious Outbound SMTP Connections
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 212.44.102.65, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe, Initiated: true, ProcessId: 7140, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49714
                        Sigma detected: Suspicious Schtasks From Env Var Folder
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ParentImage: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe, ParentProcessId: 5552, ParentProcessName: NEW SHIPPING DOCUMENTS.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp", ProcessId: 5700, ProcessName: schtasks.exe
                        Sigma detected: Non Interactive PowerShell Process Spawned
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ParentImage: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe, ParentProcessId: 5552, ParentProcessName: NEW SHIPPING DOCUMENTS.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ProcessId: 6368, ProcessName: powershell.exe

                        Persistence and Installation Behavior

                        barindex
                        Sigma detected: Scheduled temp file as task from temp location
                        Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe", ParentImage: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe, ParentProcessId: 5552, ParentProcessName: NEW SHIPPING DOCUMENTS.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp", ProcessId: 5700, ProcessName: schtasks.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2025-01-15T08:40:00.730469+010020301711A Network Trojan was detected192.168.2.649724212.44.102.65587TCP
                        2025-01-15T08:40:00.730469+010020301711A Network Trojan was detected192.168.2.649714212.44.102.65587TCP
                        2025-01-15T08:41:26.619287+010020301711A Network Trojan was detected192.168.2.649994212.44.102.65587TCP
                        2025-01-15T08:41:36.980692+010020301711A Network Trojan was detected192.168.2.649996212.44.102.65587TCP
                        2025-01-15T08:41:42.320173+010020301711A Network Trojan was detected192.168.2.649997212.44.102.65587TCP
                        2025-01-15T08:42:05.375634+010020301711A Network Trojan was detected192.168.2.649999212.44.102.65587TCP
                        2025-01-15T08:42:22.962578+010020301711A Network Trojan was detected192.168.2.650001212.44.102.65587TCP
                        2025-01-15T08:42:25.930500+010020301711A Network Trojan was detected192.168.2.650002212.44.102.65587TCP
                        2025-01-15T08:42:33.027740+010020301711A Network Trojan was detected192.168.2.650003212.44.102.65587TCP
                        2025-01-15T08:42:34.918407+010020301711A Network Trojan was detected192.168.2.650004212.44.102.65587TCP
                        2025-01-15T08:42:37.191851+010020301711A Network Trojan was detected192.168.2.650005212.44.102.65587TCP
                        2025-01-15T08:42:59.617539+010020301711A Network Trojan was detected192.168.2.650006212.44.102.65587TCP
                        2025-01-15T08:43:00.856892+010020301711A Network Trojan was detected192.168.2.650009212.44.102.65587TCP
                        2025-01-15T08:43:02.452302+010020301711A Network Trojan was detected192.168.2.650010212.44.102.65587TCP
                        2025-01-15T08:43:08.488383+010020301711A Network Trojan was detected192.168.2.650011212.44.102.65587TCP
                        2025-01-15T08:43:23.137247+010020301711A Network Trojan was detected192.168.2.650013212.44.102.65587TCP
                        2025-01-15T08:43:26.288908+010020301711A Network Trojan was detected192.168.2.650014212.44.102.65587TCP
                        2025-01-15T08:43:32.394561+010020301711A Network Trojan was detected192.168.2.650015212.44.102.65587TCP
                        2025-01-15T08:43:37.148727+010020301711A Network Trojan was detected192.168.2.650016212.44.102.65587TCP
                        2025-01-15T08:43:44.906076+010020301711A Network Trojan was detected192.168.2.650017212.44.102.65587TCP
                        2025-01-15T08:43:45.168660+010020301711A Network Trojan was detected192.168.2.650018212.44.102.65587TCP
                        2025-01-15T08:43:50.511642+010020301711A Network Trojan was detected192.168.2.650019212.44.102.65587TCP
                        2025-01-15T08:43:59.224570+010020301711A Network Trojan was detected192.168.2.650021212.44.102.65587TCP
                        2025-01-15T08:44:02.312599+010020301711A Network Trojan was detected192.168.2.650022212.44.102.65587TCP
                        2025-01-15T08:44:06.002352+010020301711A Network Trojan was detected192.168.2.650023212.44.102.65587TCP
                        2025-01-15T08:44:16.415811+010020301711A Network Trojan was detected192.168.2.650025212.44.102.65587TCP
                        2025-01-15T08:44:16.554803+010020301711A Network Trojan was detected192.168.2.650026212.44.102.65587TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2025-01-15T08:41:26.619287+010028400321A Network Trojan was detected192.168.2.649994212.44.102.65587TCP
                        2025-01-15T08:41:36.980692+010028400321A Network Trojan was detected192.168.2.649996212.44.102.65587TCP
                        2025-01-15T08:41:42.320173+010028400321A Network Trojan was detected192.168.2.649997212.44.102.65587TCP
                        2025-01-15T08:42:05.375634+010028400321A Network Trojan was detected192.168.2.649999212.44.102.65587TCP
                        2025-01-15T08:42:22.962578+010028400321A Network Trojan was detected192.168.2.650001212.44.102.65587TCP
                        2025-01-15T08:42:25.930500+010028400321A Network Trojan was detected192.168.2.650002212.44.102.65587TCP
                        2025-01-15T08:42:33.027740+010028400321A Network Trojan was detected192.168.2.650003212.44.102.65587TCP
                        2025-01-15T08:42:34.918407+010028400321A Network Trojan was detected192.168.2.650004212.44.102.65587TCP
                        2025-01-15T08:42:37.191851+010028400321A Network Trojan was detected192.168.2.650005212.44.102.65587TCP
                        2025-01-15T08:42:59.617539+010028400321A Network Trojan was detected192.168.2.650006212.44.102.65587TCP
                        2025-01-15T08:43:00.856892+010028400321A Network Trojan was detected192.168.2.650009212.44.102.65587TCP
                        2025-01-15T08:43:02.452302+010028400321A Network Trojan was detected192.168.2.650010212.44.102.65587TCP
                        2025-01-15T08:43:08.488383+010028400321A Network Trojan was detected192.168.2.650011212.44.102.65587TCP
                        2025-01-15T08:43:23.137247+010028400321A Network Trojan was detected192.168.2.650013212.44.102.65587TCP
                        2025-01-15T08:43:26.288908+010028400321A Network Trojan was detected192.168.2.650014212.44.102.65587TCP
                        2025-01-15T08:43:32.394561+010028400321A Network Trojan was detected192.168.2.650015212.44.102.65587TCP
                        2025-01-15T08:43:37.148727+010028400321A Network Trojan was detected192.168.2.650016212.44.102.65587TCP
                        2025-01-15T08:43:44.906076+010028400321A Network Trojan was detected192.168.2.650017212.44.102.65587TCP
                        2025-01-15T08:43:45.168660+010028400321A Network Trojan was detected192.168.2.650018212.44.102.65587TCP
                        2025-01-15T08:43:50.511642+010028400321A Network Trojan was detected192.168.2.650019212.44.102.65587TCP
                        2025-01-15T08:43:59.224570+010028400321A Network Trojan was detected192.168.2.650021212.44.102.65587TCP
                        2025-01-15T08:44:02.312599+010028400321A Network Trojan was detected192.168.2.650022212.44.102.65587TCP
                        2025-01-15T08:44:06.002352+010028400321A Network Trojan was detected192.168.2.650023212.44.102.65587TCP
                        2025-01-15T08:44:16.415811+010028400321A Network Trojan was detected192.168.2.650025212.44.102.65587TCP
                        2025-01-15T08:44:16.554803+010028400321A Network Trojan was detected192.168.2.650026212.44.102.65587TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Found malware configuration
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.stilbo.eu", "Username": "bogdan.hafner@stilbo.eu", "Password": "StilBO_#1"}
                        Multi AV Scanner detection for dropped file
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeReversingLabs: Detection: 36%
                        Multi AV Scanner detection for submitted file
                        Source: NEW SHIPPING DOCUMENTS.exeVirustotal: Detection: 44%Perma Link
                        Source: NEW SHIPPING DOCUMENTS.exeReversingLabs: Detection: 36%
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                        Machine Learning detection for dropped file
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeJoe Sandbox ML: detected
                        Machine Learning detection for sample
                        Source: NEW SHIPPING DOCUMENTS.exeJoe Sandbox ML: detected
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49711 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49717 version: TLS 1.2
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: AnYI.pdb source: NEW SHIPPING DOCUMENTS.exe, RvUJzKx.exe.0.dr
                        Source: Binary string: AnYI.pdbSHA256 source: NEW SHIPPING DOCUMENTS.exe, RvUJzKx.exe.0.dr
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 4x nop then jmp 074131F1h0_2_07412646

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50001 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50001 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:49994 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:49996 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:49996 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:49994 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:49997 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:49997 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:49999 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:49999 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50002 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50002 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50004 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50004 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50009 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50009 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50011 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50011 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50018 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50017 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50017 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50010 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50018 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50010 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50006 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50006 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50016 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50021 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50021 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50015 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50015 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50016 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50019 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50019 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50022 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50022 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50026 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50026 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50023 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50023 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50005 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50005 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50014 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50014 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50013 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50013 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50003 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50003 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:50025 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.6:50025 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:49724 -> 212.44.102.65:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:49714 -> 212.44.102.65:587
                        Yara detected Generic Downloader
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4813808.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.47947e8.3.raw.unpack, type: UNPACKEDPE
                        Source: global trafficTCP traffic: 192.168.2.6:49714 -> 212.44.102.65:587
                        Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                        Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                        Source: Joe Sandbox ViewASN Name: DHH-ASSI DHH-ASSI
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: unknownDNS query: name: api.ipify.org
                        Source: unknownDNS query: name: api.ipify.org
                        Source: global trafficTCP traffic: 192.168.2.6:49714 -> 212.44.102.65:587
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                        Source: global trafficDNS traffic detected: DNS query: mail.stilbo.eu
                        Source: RvUJzKx.exe, 0000000E.00000002.4601362527.0000000006842000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003329000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000036D4000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000035A7000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003367000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000032C8000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.000000000347D000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003641000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000033E5000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003514000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000003079000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000343B000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000323C000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000003112000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000003366000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000350C000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.00000000031A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.stilbo.eu
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2139661993.0000000002F63000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000A.00000002.2189774630.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000002FE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: NEW SHIPPING DOCUMENTS.exe, RvUJzKx.exe.0.drString found in binary or memory: http://tempuri.org/DataSet1.xsd
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4582718392.0000000000436000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4582752473.000000000042E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                        Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49711 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49717 version: TLS 1.2

                        Key, Mouse, Clipboard, Microphone and Screen Capturing

                        barindex
                        Installs a global keyboard hook
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\RvUJzKx.exe
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWindow created: window name: CLIPBRDWNDCLASS

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.4813808.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.47947e8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Initial sample is a PE file and has a suspicious name
                        Source: initial sampleStatic PE information: Filename: NEW SHIPPING DOCUMENTS.exe
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_051942040_2_05194204
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0519E7040_2_0519E704
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_051970880_2_05197088
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706D2480_2_0706D248
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706DD780_2_0706DD78
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706D2380_2_0706D238
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070600B90_2_070600B9
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706ED200_2_0706ED20
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706ED300_2_0706ED30
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706DCD80_2_0706DCD8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706E8D80_2_0706E8D8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706E8E80_2_0706E8E8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070935E80_2_070935E8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070952100_2_07095210
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070900400_2_07090040
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07093A280_2_07093A28
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07095AC00_2_07095AC0
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709F7100_2_0709F710
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709F7200_2_0709F720
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709D5300_2_0709D530
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070945800_2_07094580
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070945900_2_07094590
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070935D80_2_070935D8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070933EA0_2_070933EA
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070933F00_2_070933F0
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070952010_2_07095201
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709F2000_2_0709F200
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709F2100_2_0709F210
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070941380_2_07094138
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070941480_2_07094148
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070931680_2_07093168
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070931780_2_07093178
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070900070_2_07090007
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070960990_2_07096099
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070960A80_2_070960A8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709D0E00_2_0709D0E0
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07092F480_2_07092F48
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07092F580_2_07092F58
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07091D080_2_07091D08
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07091D180_2_07091D18
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07093C600_2_07093C60
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07093C700_2_07093C70
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07093A190_2_07093A19
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07094A410_2_07094A41
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07094A500_2_07094A50
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07095AB00_2_07095AB0
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709D9680_2_0709D968
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070928C80_2_070928C8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_070928C70_2_070928C7
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_074151B00_2_074151B0
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_015241C89_2_015241C8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_0152E8099_2_0152E809
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_01524A989_2_01524A98
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_01523E809_2_01523E80
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DEB23F9_2_06DEB23F
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE30809_2_06DE3080
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE55C09_2_06DE55C0
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DEC1989_2_06DEC198
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE7D909_2_06DE7D90
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE76B09_2_06DE76B0
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DEE3B89_2_06DEE3B8
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE23789_2_06DE2378
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE5CEF9_2_06DE5CEF
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE00409_2_06DE0040
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_06DE00079_2_06DE0007
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_00BA420410_2_00BA4204
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_00BAE70410_2_00BAE704
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_00BA708810_2_00BA7088
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554D24810_2_0554D248
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554DD7810_2_0554DD78
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554D23810_2_0554D238
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554ED3010_2_0554ED30
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554ED2010_2_0554ED20
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554DCD810_2_0554DCD8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554E8D810_2_0554E8D8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554E8E810_2_0554E8E8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08485AB010_2_08485AB0
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08483B9810_2_08483B98
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848004010_2_08480040
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848520110_2_08485201
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848376810_2_08483768
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848D96810_2_0848D968
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08482A4810_2_08482A48
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08484A4110_2_08484A41
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08484A5010_2_08484A50
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08482A3910_2_08482A39
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08483DE010_2_08483DE0
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08483DF010_2_08483DF0
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08481E8810_2_08481E88
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_08481E9810_2_08481E98
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848000610_2_08480006
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_084830C810_2_084830C8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_084830D810_2_084830D8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848D0E010_2_0848D0E0
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848609910_2_08486099
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848414810_2_08484148
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848413810_2_08484138
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848F20010_2_0848F200
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848F21010_2_0848F210
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_084832E810_2_084832E8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_084832F810_2_084832F8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848356210_2_08483562
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848357010_2_08483570
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848D53010_2_0848D530
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848458010_2_08484580
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848459010_2_08484590
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848375810_2_08483758
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848F71010_2_0848F710
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848F72010_2_0848F720
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_012441C814_2_012441C8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_0124E80914_2_0124E809
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_01244A9814_2_01244A98
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_01243E8014_2_01243E80
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE660014_2_06AE6600
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE7D9014_2_06AE7D90
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE55C014_2_06AE55C0
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AEB23F14_2_06AEB23F
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE308014_2_06AE3080
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AEC19814_2_06AEC198
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE76B014_2_06AE76B0
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE5CEF14_2_06AE5CEF
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AEE3B814_2_06AEE3B8
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE004014_2_06AE0040
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_06AE002314_2_06AE0023
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2162479115.0000000006FE7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegK vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename0a4d5b74-546f-4184-9d44-320b65cce72e.exe4 vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000000.2120004554.0000000000A36000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAnYI.exe< vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2137544217.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2153779037.0000000005790000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2164780133.0000000007A80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2139661993.0000000002F63000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename0a4d5b74-546f-4184-9d44-320b65cce72e.exe4 vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename0a4d5b74-546f-4184-9d44-320b65cce72e.exe4 vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4582718392.0000000000438000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename0a4d5b74-546f-4184-9d44-320b65cce72e.exe4 vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4583213928.00000000012F8000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exeBinary or memory string: OriginalFilenameAnYI.exe< vs NEW SHIPPING DOCUMENTS.exe
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.4813808.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.NEW SHIPPING DOCUMENTS.exe.47947e8.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: RvUJzKx.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@19/15@2/2
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile created: C:\Users\user\AppData\Roaming\RvUJzKx.exeJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1016:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2244:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6504:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5584:120:WilError_03
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile created: C:\Users\user\AppData\Local\Temp\tmp1B68.tmpJump to behavior
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: NEW SHIPPING DOCUMENTS.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: NEW SHIPPING DOCUMENTS.exeVirustotal: Detection: 44%
                        Source: NEW SHIPPING DOCUMENTS.exeReversingLabs: Detection: 36%
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile read: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\RvUJzKx.exe"
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp"
                        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\RvUJzKx.exe C:\Users\user\AppData\Roaming\RvUJzKx.exe
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp"
                        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess created: C:\Users\user\AppData\Roaming\RvUJzKx.exe "C:\Users\user\AppData\Roaming\RvUJzKx.exe"
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\RvUJzKx.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp"Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess created: C:\Users\user\AppData\Roaming\RvUJzKx.exe "C:\Users\user\AppData\Roaming\RvUJzKx.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: dwrite.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: windowscodecs.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: textshaping.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: vaultcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeSection loaded: windowscodecs.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: dwrite.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: windowscodecs.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: textshaping.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: version.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: wldp.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: profapi.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: wbemcomn.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: amsi.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: userenv.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: rasapi32.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: rasman.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: rtutils.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: mswsock.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: winhttp.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: iphlpapi.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: dhcpcsvc6.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: dnsapi.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: winnsi.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: rasadhlp.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: fwpuclnt.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: secur32.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: schannel.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: mskeyprotect.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ntasn1.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ncrypt.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: ncryptsslp.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: msasn1.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: gpapi.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: vaultcli.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: edputil.dll
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeSection loaded: windowscodecs.dll
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: AnYI.pdb source: NEW SHIPPING DOCUMENTS.exe, RvUJzKx.exe.0.dr
                        Source: Binary string: AnYI.pdbSHA256 source: NEW SHIPPING DOCUMENTS.exe, RvUJzKx.exe.0.dr

                        Data Obfuscation

                        barindex
                        Suspicious powershell command line found
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"Jump to behavior
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: 0xEAEA3A7C [Sun Nov 21 23:02:20 2094 UTC]
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706D573 push ecx; ret 0_2_0706D574
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706A260 pushad ; retf 0_2_0706A261
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0706B082 push eax; iretd 0_2_0706B089
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_0709B7A2 push esp; retf 0_2_0709B7A9
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07411668 push 10073FBDh; iretd 0_2_074116A5
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07411698 push 10073FBDh; iretd 0_2_074116A5
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07411D2A pushfd ; ret 0_2_07411D31
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 0_2_07411CB8 push eax; ret 0_2_07411CB9
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_01520C45 push ebx; retf 9_2_01520C52
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeCode function: 9_2_01520CCB push edi; retf 9_2_01520C7A
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554D573 push ecx; ret 10_2_0554D574
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0554A260 pushad ; retf 10_2_0554A261
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 10_2_0848CACE push ecx; ret 10_2_0848CACF
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_0124E78F push ds; iretd 14_2_0124E793
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_01240C45 push ebx; retf 14_2_01240C52
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeCode function: 14_2_01240CCB push edi; retf 14_2_01240C7A
                        Source: NEW SHIPPING DOCUMENTS.exeStatic PE information: section name: .text entropy: 7.622432389649315
                        Source: RvUJzKx.exe.0.drStatic PE information: section name: .text entropy: 7.622432389649315
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile created: C:\Users\user\AppData\Roaming\RvUJzKx.exeJump to dropped file

                        Boot Survival

                        barindex
                        Uses schtasks.exe or at.exe to add and modify task schedules
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp"

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Loading BitLocker PowerShell Module
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        barindex
                        Yara detected AntiVM3
                        Source: Yara matchFile source: Process Memory Space: NEW SHIPPING DOCUMENTS.exe PID: 5552, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RvUJzKx.exe PID: 6492, type: MEMORYSTR
                        Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 2C60000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 2D10000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 2C60000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 91E0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 71E0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: A1E0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: B1E0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: B8C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: C8C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: D8C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 1510000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 3220000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: 3090000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: BA0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: 2A00000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: FC0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: 85D0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: 95D0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: 97C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: A7C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: AE60000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: BE60000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: CE60000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: 1240000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: 2FE0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory allocated: 2E20000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199954Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199828Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199719Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199609Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199500Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199391Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199281Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199172Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199063Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198938Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198813Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198688Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198578Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198469Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198344Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198234Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198125Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197989Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197846Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197719Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197609Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197500Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197391Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197266Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197141Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197031Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1196922Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1196813Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1196688Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199953
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199843
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199734
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199625
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199515
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199405
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199296
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199187
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199078
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198949
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198610
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198484
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198375
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198265
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198156
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198047
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197937
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197828
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197718
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197609
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197499
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197390
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197280
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197171
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197062
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196953
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196843
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196734
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196625
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196514
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196400
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196281
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5207Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 367Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7460Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWindow / User API: threadDelayed 4710Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWindow / User API: threadDelayed 5135Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWindow / User API: threadDelayed 3547
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWindow / User API: threadDelayed 6295
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 6080Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5692Thread sleep count: 5207 > 30Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4916Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5764Thread sleep count: 367 > 30Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4832Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2052Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5936Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -100000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99871s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99750s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99640s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99531s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99418s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99312s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99203s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -99093s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98984s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98875s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98765s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98656s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98541s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98437s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98328s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98218s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98109s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -98000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -97890s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -97780s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199954s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199828s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199719s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199609s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199500s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199391s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199281s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199172s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1199063s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198938s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198813s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198688s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198578s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198469s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198344s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198234s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1198125s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197989s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197846s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197719s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197609s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197500s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197391s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197266s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197141s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1197031s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1196922s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1196813s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe TID: 5636Thread sleep time: -1196688s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 5700Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -34126476536362649s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -100000s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -99891s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -99780s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -99672s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -99562s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -99453s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -99315s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -99105s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98985s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98860s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98735s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98610s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98485s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98360s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98235s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -98110s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -97985s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -97860s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199953s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199843s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199734s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199625s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199515s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199405s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199296s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199187s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1199078s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1198949s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1198610s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1198484s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1198375s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1198265s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1198156s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1198047s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197937s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197828s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197718s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197609s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197499s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197390s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197280s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197171s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1197062s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1196953s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1196843s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1196734s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1196625s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1196514s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1196400s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exe TID: 2248Thread sleep time: -1196281s >= -30000s
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 100000Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99871Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99750Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99640Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99531Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99418Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99312Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99203Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 99093Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98984Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98875Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98765Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98656Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98541Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98437Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98328Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98218Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98109Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 98000Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 97890Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 97780Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199954Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199828Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199719Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199609Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199500Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199391Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199281Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199172Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1199063Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198938Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198813Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198688Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198578Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198469Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198344Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198234Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1198125Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197989Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197846Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197719Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197609Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197500Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197391Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197266Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197141Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1197031Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1196922Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1196813Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeThread delayed: delay time: 1196688Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 100000
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 99891
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 99780
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 99672
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 99562
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 99453
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 99315
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 99105
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98985
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98860
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98735
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98610
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98485
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98360
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98235
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 98110
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 97985
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 97860
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199953
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199843
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199734
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199625
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199515
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199405
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199296
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199187
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1199078
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198949
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198610
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198484
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198375
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198265
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198156
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1198047
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197937
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197828
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197718
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197609
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197499
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197390
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197280
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197171
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1197062
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196953
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196843
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196734
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196625
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196514
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196400
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeThread delayed: delay time: 1196281
                        Source: NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4585815980.0000000001690000.00000004.00000020.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4584327330.0000000001285000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Adds a directory exclusion to Windows Defender
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\RvUJzKx.exe"
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\RvUJzKx.exe"Jump to behavior
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeMemory written: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeMemory written: C:\Users\user\AppData\Roaming\RvUJzKx.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\RvUJzKx.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeProcess created: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp"Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeProcess created: C:\Users\user\AppData\Roaming\RvUJzKx.exe "C:\Users\user\AppData\Roaming\RvUJzKx.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Users\user\AppData\Roaming\RvUJzKx.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Users\user\AppData\Roaming\RvUJzKx.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 9.2.NEW SHIPPING DOCUMENTS.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4813808.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.47947e8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.4586675330.000000000326B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: NEW SHIPPING DOCUMENTS.exe PID: 5552, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: NEW SHIPPING DOCUMENTS.exe PID: 7140, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RvUJzKx.exe PID: 6820, type: MEMORYSTR
                        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                        Tries to harvest and steal ftp login credentials
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\FTP Navigator\Ftplist.txt
                        Tries to steal Mail credentials (via file / registry access)
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                        Source: C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                        Source: C:\Users\user\AppData\Roaming\RvUJzKx.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4813808.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.47947e8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.4586675330.000000000326B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: NEW SHIPPING DOCUMENTS.exe PID: 5552, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: NEW SHIPPING DOCUMENTS.exe PID: 7140, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RvUJzKx.exe PID: 6820, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 9.2.NEW SHIPPING DOCUMENTS.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.3d43748.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4892828.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.4813808.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.NEW SHIPPING DOCUMENTS.exe.47947e8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000009.00000002.4586675330.000000000326B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: NEW SHIPPING DOCUMENTS.exe PID: 5552, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: NEW SHIPPING DOCUMENTS.exe PID: 7140, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RvUJzKx.exe PID: 6820, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                        Windows Management Instrumentation                        		1
                        DLL Side-Loading                        		1
                        DLL Side-Loading                        		11
                        Disable or Modify Tools                        		2
                        OS Credential Dumping                        		1
                        File and Directory Discovery                        		Remote Services1
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts1
                        Scheduled Task/Job                        		1
                        Scheduled Task/Job                        		111
                        Process Injection                        		3
                        Obfuscated Files or Information                        		11
                        Input Capture                        		24
                        System Information Discovery                        		Remote Desktop Protocol2
                        Data from Local System                        		11
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain Accounts1
                        PowerShell                        		Logon Script (Windows)1
                        Scheduled Task/Job                        		2
                        Software Packing                        		1
                        Credentials in Registry                        		1
                        Query Registry                        		SMB/Windows Admin Shares1
                        Email Collection                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                        Timestomp                        		NTDS211
                        Security Software Discovery                        		Distributed Component Object Model11
                        Input Capture                        		2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                        DLL Side-Loading                        		LSA Secrets1
                        Process Discovery                        		SSH1
                        Clipboard Data                        		23
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                        Masquerading                        		Cached Domain Credentials141
                        Virtualization/Sandbox Evasion                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items141
                        Virtualization/Sandbox Evasion                        		DCSync1
                        Application Window Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job111
                        Process Injection                        		Proc Filesystem1
                        System Network Configuration Discovery                        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1591638 Sample: NEW SHIPPING DOCUMENTS.exe Startdate: 15/01/2025 Architecture: WINDOWS Score: 100 46 mail.stilbo.eu 2->46 48 api.ipify.org 2->48 54 Suricata IDS alerts for network traffic 2->54 56 Found malware configuration 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 13 other signatures 2->60 8 NEW SHIPPING DOCUMENTS.exe 7 2->8         started        12 RvUJzKx.exe 5 2->12         started        signatures3 process4 file5 38 C:\Users\user\AppData\Roaming\RvUJzKx.exe, PE32 8->38 dropped 40 C:\Users\user\...\RvUJzKx.exe:Zone.Identifier, ASCII 8->40 dropped 42 C:\Users\user\AppData\Local\...\tmp1B68.tmp, XML 8->42 dropped 44 C:\Users\...44EW SHIPPING DOCUMENTS.exe.log, ASCII 8->44 dropped 62 Suspicious powershell command line found 8->62 64 Adds a directory exclusion to Windows Defender 8->64 66 Injects a PE file into a foreign processes 8->66 14 NEW SHIPPING DOCUMENTS.exe 15 2 8->14         started        18 powershell.exe 23 8->18         started        20 powershell.exe 23 8->20         started        22 schtasks.exe 1 8->22         started        68 Multi AV Scanner detection for dropped file 12->68 70 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 12->70 72 Machine Learning detection for dropped file 12->72 24 RvUJzKx.exe 12->24         started        26 schtasks.exe 12->26         started        signatures6 process7 dnsIp8 50 mail.stilbo.eu 212.44.102.65, 49714, 49724, 49994 DHH-ASSI Slovenia 14->50 52 api.ipify.org 104.26.13.205, 443, 49711, 49717 CLOUDFLARENETUS United States 14->52 74 Installs a global keyboard hook 14->74 76 Loading BitLocker PowerShell Module 18->76 28 conhost.exe 18->28         started        30 WmiPrvSE.exe 18->30         started        32 conhost.exe 20->32         started        34 conhost.exe 22->34         started        78 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 24->78 80 Tries to steal Mail credentials (via file / registry access) 24->80 82 Tries to harvest and steal ftp login credentials 24->82 84 Tries to harvest and steal browser information (history, passwords, etc) 24->84 36 conhost.exe 26->36         started        signatures9 process10

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        NEW SHIPPING DOCUMENTS.exe44%VirustotalBrowse
                        NEW SHIPPING DOCUMENTS.exe37%ReversingLabsByteCode-MSIL.Trojan.Genie8DN
                        NEW SHIPPING DOCUMENTS.exe100%Joe Sandbox ML

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\user\AppData\Roaming\RvUJzKx.exe100%Joe Sandbox ML
                        C:\Users\user\AppData\Roaming\RvUJzKx.exe37%ReversingLabsByteCode-MSIL.Trojan.Genie8DN

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://mail.stilbo.eu0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        mail.stilbo.eu
                        		212.44.102.65
                        		truetrue
                          		unknown
                          api.ipify.org
                          		104.26.13.205
                          		truefalse
                            		high

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://api.ipify.org/false
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://api.ipify.orgNEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4582752473.000000000042E000.00000040.00000400.00020000.00000000.sdmpfalse
                                		high
                                https://account.dyn.com/NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4582718392.0000000000436000.00000040.00000400.00020000.00000000.sdmpfalse
                                  		high
                                  http://crl.microRvUJzKx.exe, 0000000E.00000002.4601362527.0000000006842000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameNEW SHIPPING DOCUMENTS.exe, 00000000.00000002.2139661993.0000000002F63000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000A.00000002.2189774630.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000002FE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://mail.stilbo.euNEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003329000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000036D4000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000035A7000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003367000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000032C8000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.000000000347D000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003641000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.00000000033E5000.00000004.00000800.00020000.00000000.sdmp, NEW SHIPPING DOCUMENTS.exe, 00000009.00000002.4586675330.0000000003514000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000003079000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000343B000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000323C000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000003112000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.0000000003366000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.000000000350C000.00000004.00000800.00020000.00000000.sdmp, RvUJzKx.exe, 0000000E.00000002.4586702521.00000000031A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://tempuri.org/DataSet1.xsdNEW SHIPPING DOCUMENTS.exe, RvUJzKx.exe.0.drfalse
                                        		high

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        104.26.13.205
                                        		api.ipify.orgUnited States
                                        		13335CLOUDFLARENETUSfalse
                                        212.44.102.65
                                        		mail.stilbo.euSlovenia
                                        		43128DHH-ASSItrue

                                        General Information

                                        Joe Sandbox version:42.0.0 Malachite
                                        Analysis ID:1591638
                                        Start date and time:2025-01-15 08:39:13 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 10m 14s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:19
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Sample name:NEW SHIPPING DOCUMENTS.exe
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@19/15@2/2
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 99%
                                        • Number of executed functions: 193
                                        • Number of non-executed functions: 34
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                                        Warnings

                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 2.23.242.162, 13.107.246.45, 4.245.163.56
                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtCreateKey calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadVirtualMemory calls found.

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        02:40:04API Interceptor8731026x Sleep call for process: NEW SHIPPING DOCUMENTS.exe modified
                                        02:40:06API Interceptor40x Sleep call for process: powershell.exe modified
                                        02:40:09API Interceptor6339685x Sleep call for process: RvUJzKx.exe modified
                                        08:40:07Task SchedulerRun new task: RvUJzKx path: C:\Users\user\AppData\Roaming\RvUJzKx.exe

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        104.26.13.205Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                                        • api.ipify.org/
                                        BiXS3FRoLe.exeGet hashmaliciousTrojanRansomBrowse
                                        • api.ipify.org/
                                        lEUy79aLAW.exeGet hashmaliciousTrojanRansomBrowse
                                        • api.ipify.org/
                                        Simple1.exeGet hashmaliciousUnknownBrowse
                                        • api.ipify.org/
                                        2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                        • api.ipify.org/
                                        file.exeGet hashmaliciousUnknownBrowse
                                        • api.ipify.org/
                                        file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                        • api.ipify.org/
                                        file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                                        • api.ipify.org/
                                        file.exeGet hashmaliciousRDPWrap ToolBrowse
                                        • api.ipify.org/
                                        Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                                        • api.ipify.org/
                                        212.44.102.65new order.exeGet hashmaliciousAgentTeslaBrowse
                                          SMBKT-20242005.exeGet hashmaliciousAgentTeslaBrowse

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            api.ipify.orgnew order.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.26.13.205
                                            https://savory-sweet-felidae-psrnd.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                            • 104.26.12.205
                                            http://loginmicrosoftonline.al-mutaheda.com/expiration/notice/nRrRc/receiving@accel-inc.comGet hashmaliciousHTMLPhisherBrowse
                                            • 104.26.12.205
                                            Employee_Salary_Update.docxGet hashmaliciousUnknownBrowse
                                            • 104.26.12.205
                                            q9JZUaS1Gy.docGet hashmaliciousUnknownBrowse
                                            • 104.26.13.205
                                            https://www.explorium.ai/notice-of-processing-for-eu-residents/?email=fabrice.duval@socotec.comGet hashmaliciousUnknownBrowse
                                            • 104.26.12.205
                                            https://www.explorium.ai/notice-of-processing-for-eu-residents/?email=fabrice.duval@socotec.comGet hashmaliciousUnknownBrowse
                                            • 104.26.12.205
                                            VRO.exeGet hashmaliciousUnknownBrowse
                                            • 172.67.74.152
                                            mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                            • 104.26.13.205
                                            VRO.exeGet hashmaliciousUnknownBrowse
                                            • 104.26.12.205
                                            mail.stilbo.eunew order.exeGet hashmaliciousAgentTeslaBrowse
                                            • 212.44.102.65
                                            SMBKT-20242005.exeGet hashmaliciousAgentTeslaBrowse
                                            • 212.44.102.65

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            CLOUDFLARENETUSCompany introduction.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 104.21.48.1
                                            new order.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.26.13.205
                                            https://qvg.soundestlink.com/ce/c/6783ea8fa36d871b210a875d/678648091eb09f6bc9efe05e/678648224da9c434ec77e1fc?signature=c3a7b24183dde70b3cc2cefa1e1d5f8ff6f1d434aea3b4c4cfdeccd85ad85929Get hashmaliciousUnknownBrowse
                                            • 104.18.42.178
                                            MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zipGet hashmaliciousUnknownBrowse
                                            • 104.16.148.130
                                            https://url.rw/ddj4fGet hashmaliciousUnknownBrowse
                                            • 1.1.1.1
                                            Invdoc80.pdfGet hashmaliciousHTMLPhisherBrowse
                                            • 104.21.18.22
                                            https://padlet.com/prowebsolutions488/new-message-jba6y6w7rg9tzzmnGet hashmaliciousHTMLPhisherBrowse
                                            • 104.22.67.248
                                            rDEKONT-1_15_2025__75kb__pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 104.21.96.1
                                            https://androiddatahost.com/sdsd3Get hashmaliciousUnknownBrowse
                                            • 104.21.80.92
                                            Final-Agreement-Document#808977735.pdfGet hashmaliciousHTMLPhisherBrowse
                                            • 188.114.96.3
                                            DHH-ASSInew order.exeGet hashmaliciousAgentTeslaBrowse
                                            • 212.44.102.65
                                            Nowe zam.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 212.44.112.138
                                            ZAPYTANIE OFERTOWE ST-2024-S315 CPA9170385.exeGet hashmaliciousCryptOne, Snake Keylogger, VIP KeyloggerBrowse
                                            • 212.44.112.138
                                            SMBKT-20242005.exeGet hashmaliciousAgentTeslaBrowse
                                            • 212.44.102.65
                                            a5hbkmGD7N.exeGet hashmaliciousPushdoBrowse
                                            • 212.44.102.75
                                            G7DyaA9iz9.exeGet hashmaliciousPushdoBrowse
                                            • 212.44.102.75
                                            x607DB0i08.exeGet hashmaliciousPushdoBrowse
                                            • 212.44.102.75
                                            x7RlIzQDk1.exeGet hashmaliciousUnknownBrowse
                                            • 212.44.102.75
                                            EwK95WVtzI.exeGet hashmaliciousPushdoBrowse
                                            • 212.44.102.75
                                            OWd39WUX3D.exeGet hashmaliciousPushdoBrowse
                                            • 212.44.102.75

                                            JA3 Fingerprints

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            3b5074b1b5d032e5620f69f9f700ff0eCompany introduction.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 104.26.13.205
                                            new order.exeGet hashmaliciousAgentTeslaBrowse
                                            • 104.26.13.205
                                            rDEKONT-1_15_2025__75kb__pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 104.26.13.205
                                            NLWfV87ouS.dllGet hashmaliciousWannacryBrowse
                                            • 104.26.13.205
                                            542CxvZnI5.dllGet hashmaliciousVirut, WannacryBrowse
                                            • 104.26.13.205
                                            https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/b/?_encoding=UTF8&_encoding=UTF8&node=3024314031&bbn=16435051&pd_rd_w=VSdHJ&content-id=amzn1.sym.01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_p=01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unkGet hashmaliciousUnknownBrowse
                                            • 104.26.13.205
                                            https://ziyahid.github.io/netflix-cloneGet hashmaliciousHTMLPhisherBrowse
                                            • 104.26.13.205
                                            http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.htmlGet hashmaliciousHTMLPhisherBrowse
                                            • 104.26.13.205
                                            http://emeklilereozeldir.org/Get hashmaliciousUnknownBrowse
                                            • 104.26.13.205
                                            http://industrious-tomato-ngvkcs.mystrikingly.com/Get hashmaliciousUnknownBrowse
                                            • 104.26.13.205

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW SHIPPING DOCUMENTS.exe.log

                                            Download File
                                            Process:C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):1216
                                            Entropy (8bit):5.34331486778365
                                            Encrypted:false
                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                            Malicious:true
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RvUJzKx.exe.log

                                            Download File
                                            Process:C:\Users\user\AppData\Roaming\RvUJzKx.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):1216
                                            Entropy (8bit):5.34331486778365
                                            Encrypted:false
                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                            Malicious:false
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):2232
                                            Entropy (8bit):5.380134126512796
                                            Encrypted:false
                                            SSDEEP:48:+WSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:+LHxvIIwLgZ2KRHWLOug8s
                                            MD5:4E5AEFBECDD6A24C184CDD8FDAAD6B84
                                            SHA1:0DE69FB509C5811701792B3876F5147C23E6B90B
                                            SHA-256:F53109B6058DB6F19701209D49D943D7A95897C89F267B81684CFB8CDE73A83C
                                            SHA-512:15CB74549A26E726FBC89CCE29B9B79BB3CE7E9DFAE02B822A7C2A29370DC16C660BFB91E9B4820F6DC1E60E9C8AE1A2BA1B408257FD43ECD5F565B8F6A0BE85
                                            Malicious:false
                                            Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2p4jyn30.xrz.ps1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_51yflde4.045.ps1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwcdgyqm.550.psm1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2wwfs0b.0bh.ps1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l3n3umgl.dcg.psm1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lrwlue3o.rvb.psm1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t1vu3hdt.f3z.ps1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xqmf55dx.iny.psm1

                                            Download File
                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):60
                                            Entropy (8bit):4.038920595031593
                                            Encrypted:false
                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                            Malicious:false
                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                            C:\Users\user\AppData\Local\Temp\tmp1B68.tmp

                                            Download File
                                            Process:C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe
                                            File Type:XML 1.0 document, ASCII text
                                            Category:dropped
                                            Size (bytes):1594
                                            Entropy (8bit):5.102100632208249
                                            Encrypted:false
                                            SSDEEP:24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLTz+xv:cge7QYrFdOFzOzN33ODOiDdKrsuTryv
                                            MD5:35D39C2EF31F5D1298BAC677EBC70012
                                            SHA1:83E2EF0BBEBF4B6A960F429AB84C2338C3002E40
                                            SHA-256:FCCC40BB3FF8386F78D4D1B12C8603431D749599A52798FB287373BB02BE9D66
                                            SHA-512:AC47849703C026D2DA4BD21A4CF7643AA0A13BF7F7168B9129EBB35F9CFD245B2FF3FAD4F29BD1D78BCEA24274DFC1511549082CE5E971627135906A0D7B6535
                                            Malicious:true
                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run

                                            C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp

                                            Download File
                                            Process:C:\Users\user\AppData\Roaming\RvUJzKx.exe
                                            File Type:XML 1.0 document, ASCII text
                                            Category:dropped
                                            Size (bytes):1594
                                            Entropy (8bit):5.102100632208249
                                            Encrypted:false
                                            SSDEEP:24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLTz+xv:cge7QYrFdOFzOzN33ODOiDdKrsuTryv
                                            MD5:35D39C2EF31F5D1298BAC677EBC70012
                                            SHA1:83E2EF0BBEBF4B6A960F429AB84C2338C3002E40
                                            SHA-256:FCCC40BB3FF8386F78D4D1B12C8603431D749599A52798FB287373BB02BE9D66
                                            SHA-512:AC47849703C026D2DA4BD21A4CF7643AA0A13BF7F7168B9129EBB35F9CFD245B2FF3FAD4F29BD1D78BCEA24274DFC1511549082CE5E971627135906A0D7B6535
                                            Malicious:false
                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run

                                            C:\Users\user\AppData\Roaming\RvUJzKx.exe

                                            Download File
                                            Process:C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):797696
                                            Entropy (8bit):7.6166130615820675
                                            Encrypted:false
                                            SSDEEP:12288:/bdhloJNhQ/cWS7stavkg+t7di+u6VNPD0xvUPoCsTDW4nlpVOWN6fc/WwBZfvo:fiJN+UVsCkgOkQNPQ2oCsWys0xpBZfA
                                            MD5:10A2684AAE3F75A984DC63506E8ED8DC
                                            SHA1:99A1EF344D13F5B44F3B0526F44072154E30641B
                                            SHA-256:6F094AA75A8322555241FAE3063C17075A6ED5166BFB41C9055C390278178D6B
                                            SHA-512:4D001589415898B61F52F01A652A268E3919BC6CED17B12ABFBDCC71C64E49F3BF92B00E0F89ED64F120600B95A79FEC23406AFA3F7B8587552BD270424B1526
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 37%
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|:................0.."...........A... ...`....@.. ....................................@..................................A..O....`..................................p............................................ ............... ..H............text....!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B.................A......H........{..8i......x...T...h9............................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*....0..z........ ....}.......}......}......}.....s....}.....s....}.....(........+*..{.... ....o .....{......o!...o".......X...........-.*...0............{.....+..*.0...........r...p..r...p..r-..p..r?..p..rO..p..r_..p............s....}....~....(#.......9.....~....s$.........8`.......X.............YE........1...`...........

                                            C:\Users\user\AppData\Roaming\RvUJzKx.exe:Zone.Identifier

                                            Download File
                                            Process:C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:true
                                            Preview:[ZoneTransfer]....ZoneId=0

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.6166130615820675
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            • DOS Executable Generic (2002/1) 0.01%
                                            File name:NEW SHIPPING DOCUMENTS.exe
                                            File size:797'696 bytes
                                            MD5:10a2684aae3f75a984dc63506e8ed8dc
                                            SHA1:99a1ef344d13f5b44f3b0526f44072154e30641b
                                            SHA256:6f094aa75a8322555241fae3063c17075a6ed5166bfb41c9055c390278178d6b
                                            SHA512:4d001589415898b61f52f01a652a268e3919bc6ced17b12abfbdcc71c64e49f3bf92b00e0f89ed64f120600b95a79fec23406afa3f7b8587552bd270424b1526
                                            SSDEEP:12288:/bdhloJNhQ/cWS7stavkg+t7di+u6VNPD0xvUPoCsTDW4nlpVOWN6fc/WwBZfvo:fiJN+UVsCkgOkQNPQ2oCsWys0xpBZfA
                                            TLSH:7105C0C03B257711DE6CBA74853AEDB863A42E28B004F5E26EED3B8775D9203991CF45
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|:................0.."...........A... ...`....@.. ....................................@................................

                                            File Icon

                                            Icon Hash:00928e8e8686b000

                                            Static PE Info

                                            General

                                            Entrypoint:0x4c41d2
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0xEAEA3A7C [Sun Nov 21 23:02:20 2094 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                            Entrypoint Preview

                                            Instruction
                                            jmp dword ptr [00402000h]
                                            lodsd
                                            fiadd word ptr [eax]
                                            add bh, ch
                                            mov esi, CAFE0000h
                                            add byte ptr [eax], al
                                            mov esi, 000000BAh
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xc41800x4f.text
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xc60000x5ac.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xc80000xc.reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0xc1dbc0x70.text
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x20000xc21e80xc2200b68179466fec5e173fce82acb4085ed5False0.8601849243399872data7.622432389649315IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rsrc0xc60000x5ac0x6005e16c3a34158776cd548aeca53fb7d1aFalse0.4192708333333333data4.087798358607494IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc0xc80000xc0x200ceacd79eaeb3df9a224d6e317d13ba14False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                            RT_VERSION0xc60900x31cdata0.4334170854271357
                                            RT_MANIFEST0xc63bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                            Imports

                                            DLLImport
                                            mscoree.dll_CorExeMain

                                            Network Behavior

                                            Suricata IDS Alerts

                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                            2025-01-15T08:40:00.730469+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.649724212.44.102.65587TCP
                                            2025-01-15T08:40:00.730469+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.649714212.44.102.65587TCP
                                            2025-01-15T08:41:26.619287+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.649994212.44.102.65587TCP
                                            2025-01-15T08:41:26.619287+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.649994212.44.102.65587TCP
                                            2025-01-15T08:41:36.980692+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.649996212.44.102.65587TCP
                                            2025-01-15T08:41:36.980692+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.649996212.44.102.65587TCP
                                            2025-01-15T08:41:42.320173+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.649997212.44.102.65587TCP
                                            2025-01-15T08:41:42.320173+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.649997212.44.102.65587TCP
                                            2025-01-15T08:42:05.375634+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.649999212.44.102.65587TCP
                                            2025-01-15T08:42:05.375634+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.649999212.44.102.65587TCP
                                            2025-01-15T08:42:22.962578+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650001212.44.102.65587TCP
                                            2025-01-15T08:42:22.962578+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650001212.44.102.65587TCP
                                            2025-01-15T08:42:25.930500+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650002212.44.102.65587TCP
                                            2025-01-15T08:42:25.930500+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650002212.44.102.65587TCP
                                            2025-01-15T08:42:33.027740+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650003212.44.102.65587TCP
                                            2025-01-15T08:42:33.027740+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650003212.44.102.65587TCP
                                            2025-01-15T08:42:34.918407+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650004212.44.102.65587TCP
                                            2025-01-15T08:42:34.918407+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650004212.44.102.65587TCP
                                            2025-01-15T08:42:37.191851+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650005212.44.102.65587TCP
                                            2025-01-15T08:42:37.191851+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650005212.44.102.65587TCP
                                            2025-01-15T08:42:59.617539+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650006212.44.102.65587TCP
                                            2025-01-15T08:42:59.617539+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650006212.44.102.65587TCP
                                            2025-01-15T08:43:00.856892+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650009212.44.102.65587TCP
                                            2025-01-15T08:43:00.856892+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650009212.44.102.65587TCP
                                            2025-01-15T08:43:02.452302+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650010212.44.102.65587TCP
                                            2025-01-15T08:43:02.452302+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650010212.44.102.65587TCP
                                            2025-01-15T08:43:08.488383+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650011212.44.102.65587TCP
                                            2025-01-15T08:43:08.488383+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650011212.44.102.65587TCP
                                            2025-01-15T08:43:23.137247+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650013212.44.102.65587TCP
                                            2025-01-15T08:43:23.137247+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650013212.44.102.65587TCP
                                            2025-01-15T08:43:26.288908+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650014212.44.102.65587TCP
                                            2025-01-15T08:43:26.288908+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650014212.44.102.65587TCP
                                            2025-01-15T08:43:32.394561+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650015212.44.102.65587TCP
                                            2025-01-15T08:43:32.394561+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650015212.44.102.65587TCP
                                            2025-01-15T08:43:37.148727+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650016212.44.102.65587TCP
                                            2025-01-15T08:43:37.148727+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650016212.44.102.65587TCP
                                            2025-01-15T08:43:44.906076+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650017212.44.102.65587TCP
                                            2025-01-15T08:43:44.906076+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650017212.44.102.65587TCP
                                            2025-01-15T08:43:45.168660+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650018212.44.102.65587TCP
                                            2025-01-15T08:43:45.168660+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650018212.44.102.65587TCP
                                            2025-01-15T08:43:50.511642+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650019212.44.102.65587TCP
                                            2025-01-15T08:43:50.511642+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650019212.44.102.65587TCP
                                            2025-01-15T08:43:59.224570+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650021212.44.102.65587TCP
                                            2025-01-15T08:43:59.224570+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650021212.44.102.65587TCP
                                            2025-01-15T08:44:02.312599+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650022212.44.102.65587TCP
                                            2025-01-15T08:44:02.312599+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650022212.44.102.65587TCP
                                            2025-01-15T08:44:06.002352+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650023212.44.102.65587TCP
                                            2025-01-15T08:44:06.002352+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650023212.44.102.65587TCP
                                            2025-01-15T08:44:16.415811+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650025212.44.102.65587TCP
                                            2025-01-15T08:44:16.415811+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650025212.44.102.65587TCP
                                            2025-01-15T08:44:16.554803+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.650026212.44.102.65587TCP
                                            2025-01-15T08:44:16.554803+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.650026212.44.102.65587TCP

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 15, 2025 08:40:07.163156986 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.163191080 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.163300991 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.171727896 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.171737909 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.727701902 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.728782892 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.751631021 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.751651049 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.752039909 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.793128014 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.830398083 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.871339083 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.961787939 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.961843014 CET44349711104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:07.962002039 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:07.968708038 CET49711443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:09.234236956 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:09.239933014 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:09.240256071 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:09.925712109 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:09.926049948 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:09.931529999 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.121700048 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.122991085 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:10.127875090 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.325176001 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.326925039 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:10.331795931 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.562782049 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.563285112 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:10.568103075 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.770340919 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:10.770765066 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:10.775582075 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.017138958 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.025093079 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:11.030004978 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.220256090 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.220890999 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:11.220890999 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:11.220942974 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:11.220942974 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:11.232522011 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.232541084 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.232553959 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.232567072 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.448425055 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:11.527334929 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:11.534868956 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:11.534905910 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:11.534971952 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:11.539508104 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:11.539526939 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:12.038546085 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:12.038614035 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:12.040044069 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:12.040054083 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:12.040422916 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:12.088422060 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:12.131350994 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:12.258356094 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:12.258522034 CET44349717104.26.13.205192.168.2.6
                                            Jan 15, 2025 08:40:12.258574963 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:12.260737896 CET49717443192.168.2.6104.26.13.205
                                            Jan 15, 2025 08:40:12.815157890 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:12.820080996 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:12.820166111 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:13.412331104 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:13.412524939 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:13.417479992 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:13.629858971 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:13.635843992 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:13.640655041 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:13.831886053 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:13.832088947 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:13.836910963 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.081362963 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.081638098 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:14.086571932 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.278748989 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.278915882 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:14.283828974 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.529468060 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.530071974 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:14.534972906 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.725944996 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.726455927 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:14.726593971 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:14.726627111 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:14.726643085 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:40:14.731416941 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.731503010 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.731534004 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.731563091 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:14.998917103 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:40:15.042954922 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:24.292192936 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:24.296978951 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:24.689810991 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:24.689830065 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:24.689882994 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:24.689918995 CET49714587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:24.690924883 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:24.694688082 CET58749714212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:24.695770979 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:24.695844889 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:25.298851013 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:25.299032927 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:25.303958893 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:25.497714996 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:25.497910976 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:25.502885103 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:25.696139097 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:25.696351051 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:25.701210022 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:25.943561077 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:25.945471048 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:25.950355053 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.143412113 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.143606901 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.148399115 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.412873983 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.413207054 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.418066978 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.611443043 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.612853050 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.612993956 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.613085032 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.613085032 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.614387035 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.617695093 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.617985964 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.618014097 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.618042946 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.618119955 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.619215012 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.619276047 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.619287014 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.619304895 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.619374037 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.619395018 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.619401932 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.619427919 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.619482040 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.621912003 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.621938944 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.622004032 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.622834921 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.622863054 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.622900009 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.622931004 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.622947931 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.623032093 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.624494076 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.624522924 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.624572992 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.624593019 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.624600887 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.624628067 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.624669075 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.624701023 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.626857996 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.627049923 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.627772093 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.627804995 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.627836943 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.627866030 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.627921104 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.627979040 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.629411936 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629470110 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629481077 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.629502058 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629533052 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.629587889 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629616022 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629647017 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629648924 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:26.629713058 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629746914 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629796028 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.629828930 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.631900072 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632550001 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632577896 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632606030 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632632971 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632666111 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632740021 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632766962 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632814884 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632842064 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632867098 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.632894039 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634145975 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634258032 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634284973 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634311914 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634339094 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634366035 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634530067 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634583950 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634646893 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634701967 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634753942 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634780884 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634808064 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634834051 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634882927 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634910107 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:26.634937048 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:27.176697016 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:27.230587959 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:34.709935904 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:34.714780092 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.108774900 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.108793020 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.108886003 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:35.108921051 CET49724587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:35.109738111 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:35.113857031 CET58749724212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.114861012 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.114929914 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:35.702776909 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.702933073 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:35.707787991 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.897150993 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:35.897429943 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:35.902303934 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.110727072 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.110927105 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.115833998 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.319070101 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.321355104 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.326174974 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.515906096 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.516021967 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.522907019 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.765903950 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.766086102 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.770912886 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.960134029 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.960839987 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.960840940 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.960959911 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.961042881 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.962990046 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.965759039 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.965784073 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.965792894 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.965841055 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.965898037 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.967848063 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.967859030 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.967900038 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.967909098 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.967977047 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.967986107 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.968065023 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.968075037 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.968094110 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.970632076 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.980691910 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985573053 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985625982 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985635996 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985663891 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985687971 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985697985 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985701084 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985738039 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985755920 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985761881 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985795975 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985799074 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985843897 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985857010 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985904932 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985913992 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985933065 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.985953093 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.985995054 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.990447998 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.990478992 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.990516901 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:36.990593910 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.990720987 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.990914106 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.990926027 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991046906 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991055965 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991071939 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991131067 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991141081 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991183043 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991192102 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991229057 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991239071 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991379023 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991389036 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991396904 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991405010 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991507053 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991514921 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991523981 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991533041 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991617918 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991626978 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991635084 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.991643906 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.995352030 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.995361090 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.995441914 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.995469093 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:36.995476961 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:37.439608097 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:37.481287003 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:39.960433960 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:39.965353966 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:40.357811928 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:40.358004093 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:40.358134985 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:40.358920097 CET49996587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:40.359894037 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:40.364439011 CET58749996212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:40.365384102 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:40.369338989 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:40.984235048 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:40.984375000 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:40.989455938 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.184407949 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.184571981 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:41.189343929 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.388041019 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.431976080 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:41.437688112 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.647067070 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.649408102 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:41.654392004 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.849107027 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:41.853272915 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:41.858171940 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.113255024 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.113564014 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.118540049 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.313498974 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.313898087 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.313972950 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.313972950 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.315088987 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.315088987 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.318816900 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.318836927 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.318850040 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.318907976 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.319943905 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.319964886 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320015907 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.320058107 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320072889 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320086002 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320172071 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320173025 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.320187092 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320239067 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320250034 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.320251942 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320267916 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.320307016 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.320374966 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.323729038 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.324394941 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.325169086 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325192928 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325237036 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.325287104 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325309038 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.325392008 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325406075 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325417995 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.325421095 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325479031 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.325542927 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325556040 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325571060 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.325624943 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.329663038 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330595016 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330674887 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330703020 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330724001 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:41:42.330754042 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330781937 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330807924 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330851078 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330899000 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330925941 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330971956 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.330997944 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331029892 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331096888 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331124067 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331150055 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331196070 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331223011 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331248999 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331274033 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331351042 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331377029 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331443071 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331469059 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.331587076 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336112976 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336327076 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336375952 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336402893 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336528063 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336555958 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336582899 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336608887 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.336635113 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.777141094 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:41:42.918118000 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:02.926213980 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:02.931730032 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:03.329153061 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:03.329190969 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:03.329387903 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:03.329387903 CET49997587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:03.330387115 CET49998587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:03.334261894 CET58749997212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:03.335294008 CET58749998212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:03.335367918 CET49998587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:03.434365988 CET49998587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:03.439357996 CET58749998212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:03.439414978 CET49998587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:03.517401934 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:03.522325039 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:03.524466991 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:04.114955902 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.115557909 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:04.120486021 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.309883118 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.313532114 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:04.318492889 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.508640051 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.508846045 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:04.513813972 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.722531080 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.722662926 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:04.727475882 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.921024084 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:04.921170950 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:04.926101923 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.173600912 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.174046040 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.178935051 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.368990898 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.369235992 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.369294882 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.369294882 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.369344950 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.370662928 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.374237061 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.374253035 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.374264956 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.374336958 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.374341011 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375534058 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375572920 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375586033 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375633955 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.375643969 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375657082 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375669003 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.375705957 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.375730038 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.375782967 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375796080 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.375853062 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.379028082 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.379041910 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.379116058 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.379180908 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.379240990 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.380516052 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.380530119 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.380609035 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.380745888 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.380759001 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.380769968 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.380827904 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.380861998 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.380863905 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.380909920 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.380935907 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.384057999 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.384138107 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.384215117 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.384304047 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.384377003 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.385552883 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.385623932 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.385777950 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.385832071 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386009932 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386027098 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386130095 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386142969 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386171103 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386208057 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386219978 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386256933 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.386267900 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.389158010 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.389170885 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390393972 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390408039 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390455961 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390467882 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390506029 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390517950 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390579939 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390593052 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390624046 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390659094 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390671015 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390806913 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390820026 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390830994 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390842915 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.390924931 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:05.395885944 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:05.879434109 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:06.029367924 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:20.702733994 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:20.707660913 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.099611044 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.099646091 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.099725962 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:21.099725962 CET49999587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:21.100730896 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:21.104827881 CET58749999212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.105618000 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.105680943 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:21.695286989 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.700335026 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:21.705231905 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.895622015 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:21.897586107 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:21.902429104 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.093012094 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.095375061 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.100229025 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.306224108 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.309845924 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.314672947 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.504766941 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.512413025 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.517281055 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.759773016 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.759938955 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.764843941 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.955385923 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.955760002 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.955760002 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.955811977 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.955915928 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.957576990 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.960658073 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.960669041 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.960676908 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.960738897 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.960764885 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.962512016 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.962522984 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.962531090 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.962537050 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.962547064 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.962578058 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.962614059 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.962687016 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.962688923 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.962730885 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.962750912 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.965451956 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.965464115 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.965527058 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.965584040 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.965626955 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.967431068 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.967452049 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.967485905 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.967495918 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.967550039 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.967680931 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.967741966 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.967747927 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.967757940 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.967767000 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.967804909 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.967833996 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.970426083 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.970485926 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.970551968 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.970599890 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.972305059 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972322941 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972359896 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.972364902 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972397089 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:22.972409010 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972554922 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972563982 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972595930 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972671032 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972712994 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972722054 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972773075 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972814083 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972822905 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972840071 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972848892 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972867012 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.972875118 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.975362062 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.975372076 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977046967 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977056026 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977072954 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977082968 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977092028 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977102995 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977118015 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977135897 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977147102 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977155924 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977193117 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977324963 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977334023 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977351904 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:22.977360010 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:23.457259893 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:23.527827024 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:23.609373093 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:23.614583015 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.006398916 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.007088900 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.007241011 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:24.007294893 CET50001587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:24.011420012 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:24.012239933 CET58750001212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.016467094 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.019649982 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:24.602267027 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.602474928 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:24.608086109 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.796267033 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.798405886 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:24.803275108 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.992692947 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:24.993021011 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:24.997865915 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.206706047 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.278711081 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.283766985 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.473020077 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.473162889 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.478048086 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.717670918 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.721400023 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.726248026 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.923404932 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.923728943 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.923791885 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.923793077 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.923909903 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.925421000 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.928704977 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.928736925 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.928766012 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.928854942 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.928901911 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.930326939 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.930380106 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.930408001 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.930458069 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.930485964 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.930500031 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.930536032 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.930563927 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.930574894 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.930609941 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.930644989 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.933492899 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.933521986 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.933559895 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.933619022 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.933779955 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.934143066 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.935437918 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.935497999 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.935523033 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.935569048 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.935574055 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.935693026 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.935710907 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.935739040 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.935766935 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.935781002 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.935798883 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.935857058 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.935878038 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.938538074 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.938725948 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.939146996 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.939218044 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.940443039 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.940515041 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:25.940752029 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.940804958 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.940834045 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.940916061 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.940943956 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.940972090 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941020966 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941049099 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941076040 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941126108 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941152096 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941179991 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941206932 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.941234112 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.943608999 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945230961 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945260048 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945293903 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945343018 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945475101 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945524931 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945628881 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945657015 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945684910 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945710897 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945760965 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945787907 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945837975 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945866108 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945892096 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:25.945919037 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:26.436800003 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:26.529490948 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:30.701965094 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:30.707000971 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.098568916 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.098680973 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:31.098718882 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.098769903 CET50002587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:31.099828959 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:31.103542089 CET58750002212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.104671955 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.104728937 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:31.691896915 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.692764997 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:31.697566986 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.887778997 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:31.888030052 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:31.893045902 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.083301067 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.084306002 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.089489937 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.323121071 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.323364973 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.328188896 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.518285990 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.518877029 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.523785114 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.626959085 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.631959915 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.763081074 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.763211966 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.768023968 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.958173990 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.958420038 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.958513021 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.958539963 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.958698988 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.960484028 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.963346004 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.963361025 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.963373899 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.963433981 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:32.963529110 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.965358973 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.965373039 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.965396881 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.965409040 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.965420961 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.965610027 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.965622902 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.968076944 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.968105078 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:32.968249083 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.027595997 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.027699947 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.027740002 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.027813911 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.027998924 CET49994587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.029474974 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.032680988 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.032742977 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.032768011 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.032788038 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.032798052 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.032856941 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.032869101 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.032932997 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.037421942 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037436962 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037447929 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037458897 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037472010 CET58749994212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037484884 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037498951 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037508965 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.037547112 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.037580013 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.037615061 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037791967 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037808895 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.037848949 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.042262077 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.042277098 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.042288065 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.042371988 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.042515039 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.043118954 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.421720982 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.527695894 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.622785091 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.622994900 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.627916098 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.817313910 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:33.817573071 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:33.822612047 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.023073912 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.027491093 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.032475948 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.238832951 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.239784002 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.244613886 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.433959007 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.434118032 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.439019918 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.675544977 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.675803900 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.680618048 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.863714933 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.868632078 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.870657921 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.871047974 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.871047974 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.871047974 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.871085882 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.872675896 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.875941038 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.875957966 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.875969887 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.876022100 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.876039028 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.877533913 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877549887 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877573013 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877584934 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877607107 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877619028 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877631903 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877760887 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.877773046 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.880825996 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.918406963 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.924397945 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.924540043 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.929402113 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929462910 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929477930 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929480076 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.929528952 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929548025 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.929564953 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929605007 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:34.929608107 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929653883 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929692030 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929733992 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929769993 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929815054 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929883957 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929897070 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.929999113 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.930011988 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.930023909 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934269905 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934302092 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934317112 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934362888 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934377909 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934490919 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934508085 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934514046 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934515953 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934520006 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934528112 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934606075 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934616089 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934621096 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934628963 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934640884 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:34.934657097 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:35.261584044 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:35.261620998 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:35.261677027 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:35.261722088 CET50003587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:35.262897015 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:35.266542912 CET58750003212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:35.267802000 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:35.267869949 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:35.422125101 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:35.508269072 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:35.854845047 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:35.855633974 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:35.860477924 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.049984932 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.050985098 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:36.055804968 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.245986938 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.246594906 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:36.251420021 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.456135988 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.456505060 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:36.461337090 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.650705099 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.652502060 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:36.657308102 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.905750990 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:36.989936113 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:36.994820118 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.184591055 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.184858084 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.184909105 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.184937000 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.185008049 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.186726093 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.191766977 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191786051 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191796064 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191797972 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191802025 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191807985 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191822052 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191832066 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191843033 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191850901 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.191854000 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.191895008 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.192051888 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.192060947 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.192080975 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.192097902 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.192121029 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.192135096 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.196741104 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.196767092 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.196791887 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.196827888 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.196872950 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.196883917 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.196892977 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.196933985 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.196950912 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.196950912 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.196994066 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.196995020 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.197005033 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.197015047 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.197067022 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.201694012 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.201764107 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.201781034 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.201828957 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.201832056 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.201872110 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.201934099 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202004910 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202056885 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202066898 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202076912 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202125072 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202178001 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202249050 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202271938 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202281952 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202332973 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202343941 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202358007 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202368975 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202390909 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202402115 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202413082 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202424049 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202449083 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202460051 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.202471972 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206636906 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206698895 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206711054 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206768036 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206778049 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206813097 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206821918 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206943989 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.206954956 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.207036018 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:37.211863041 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.645283937 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:37.715188980 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:57.303934097 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:57.308867931 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:57.701718092 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:57.701946974 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:57.704027891 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:57.704123020 CET50004587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:57.708178997 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:57.708941936 CET58750004212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:57.713068008 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:57.715725899 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:57.741215944 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:57.746113062 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.137993097 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.138109922 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.139739037 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.139739037 CET50005587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.144316912 CET50007587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.144584894 CET58750005212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.149148941 CET58750007212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.151896954 CET50007587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.312588930 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.312870026 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.317725897 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.532712936 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.532883883 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.537806034 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.728929043 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.729131937 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.734072924 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.746793985 CET58750007212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.746922016 CET50007587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.751792908 CET58750007212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.762206078 CET50007587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.767291069 CET58750007212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.767381907 CET50007587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.830450058 CET50008587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.835349083 CET58750008212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.835582018 CET50008587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.872009039 CET50008587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.876909971 CET58750008212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.877129078 CET50008587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.967173100 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.967369080 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.972196102 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.994570971 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:58.999512911 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:58.999628067 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.163362026 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.163548946 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.168435097 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.409013033 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.409188032 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.414088011 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.605465889 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.609817028 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.609878063 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.609878063 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.610126972 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.612569094 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.614753008 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.614762068 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.614774942 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.614909887 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.614943027 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617446899 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617454052 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617480993 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617486954 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617501974 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617538929 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.617578030 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.617593050 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.617595911 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617624998 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.617666006 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.617707968 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.618406057 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.618572950 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.619517088 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.619524002 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.619643927 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.619728088 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.619843006 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.622395992 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.622447014 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.622452974 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.622580051 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.622587919 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.622636080 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.622782946 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.623342991 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.624501944 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.624507904 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.624682903 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.624701977 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.627388000 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627502918 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.627509117 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627554893 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627641916 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627650976 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627701998 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.627751112 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627757072 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627768993 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627777100 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.627782106 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.628076077 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.628132105 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.628137112 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.628221989 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.628227949 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629514933 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629520893 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629533052 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629551888 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629556894 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629563093 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629568100 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.629663944 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632273912 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632280111 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632318020 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632323980 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632361889 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632368088 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632390022 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632395029 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632517099 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632576942 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632688046 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632694006 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632707119 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632759094 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632765055 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.632772923 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.812207937 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:42:59.812522888 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:42:59.817303896 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.006330013 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.006839991 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.011802912 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.086689949 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.193291903 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.198486090 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.216340065 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.216989040 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.221798897 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.413558960 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.414093018 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.418934107 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.592531919 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.592607975 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.592751980 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.592751980 CET50006587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.594204903 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.597637892 CET58750006212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.599148035 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.599275112 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.656189919 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.656502008 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.661295891 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.850260019 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.850518942 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.850626945 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.850626945 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.850626945 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.851907969 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.855382919 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.855439901 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.855468988 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.855582952 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.855628014 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.856786013 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.856815100 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.856864929 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.856892109 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.856894016 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.856921911 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.856972933 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.856977940 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.857001066 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.857028008 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.857040882 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.857052088 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.857055902 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.857089996 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.857165098 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.860492945 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.860577106 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.861882925 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.861948013 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.861979008 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.861984968 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.862006903 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.862030983 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.862057924 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.862065077 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.862122059 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.862131119 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.862152100 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.862179041 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.862191916 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.862240076 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.862248898 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.862298012 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.862380028 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.865581989 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.865657091 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.866985083 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867083073 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:00.867160082 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867233038 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867261887 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867290020 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867341995 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867398024 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867425919 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867491007 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867521048 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867571115 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867599964 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867626905 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867654085 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867681980 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867708921 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867734909 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867784977 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867818117 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867846012 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867873907 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867899895 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867925882 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.867953062 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.870583057 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.870609999 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.870636940 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.870663881 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.872848988 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.872876883 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.872904062 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.872952938 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:00.872981071 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.196718931 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.196903944 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:01.201987028 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.304774046 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.392858982 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.393016100 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:01.397799015 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.418355942 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:01.589380026 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.589591980 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:01.594440937 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.800961971 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.801460028 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:01.806265116 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:01.997649908 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.001702070 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.006562948 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.248784065 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.249674082 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.254570007 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.445662022 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.446077108 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.446132898 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.446132898 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.446182966 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.447371006 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.450918913 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.450946093 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.450959921 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.451061964 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.451092958 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.452228069 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452241898 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452265024 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452277899 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452300072 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452301979 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.452312946 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452352047 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.452421904 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452435970 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452447891 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.452455997 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.452502966 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.455965996 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457068920 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457170010 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457184076 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457278013 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457304001 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.457343102 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457356930 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457463026 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457473040 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.457505941 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457520962 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.457541943 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.457655907 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.462202072 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462286949 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462300062 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462313890 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462376118 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462420940 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462424040 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:02.462470055 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462502003 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462537050 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462579012 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462644100 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462690115 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462763071 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462775946 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462799072 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462810993 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462855101 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462867975 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462913990 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462925911 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462950945 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.462964058 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.463015079 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.463027954 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.466950893 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467257977 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467269897 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467324972 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467345953 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467364073 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467370033 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467448950 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467462063 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.467473984 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:02.911957979 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:03.027792931 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:06.185606003 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:06.190646887 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:06.584636927 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:06.584678888 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:06.584789038 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:06.584928989 CET50010587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:06.585769892 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:06.589648962 CET58750010212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:06.590639114 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:06.592223883 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:07.206192970 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:07.206374884 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:07.211216927 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:07.406944990 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:07.407182932 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:07.412674904 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:07.607918024 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:07.608344078 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:07.614017963 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:07.824434042 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:07.825742960 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:07.831655025 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.026936054 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.027151108 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.033670902 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.274384975 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.274846077 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.281543970 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.476052999 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.479861021 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.479969978 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.479969978 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.481249094 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.481249094 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.486849070 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.486998081 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.487026930 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488243103 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488271952 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488337994 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488364935 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488383055 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.488393068 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488418102 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.488426924 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488442898 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.488456011 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488462925 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.488485098 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.488506079 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488535881 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488563061 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.488573074 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.488620996 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.488682032 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.495476961 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495635033 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495734930 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.495763063 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495790958 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495822906 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495871067 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.495873928 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495902061 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495929003 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495955944 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495984077 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.495985985 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.496028900 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.496287107 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.500852108 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.500976086 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501033068 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501061916 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501085997 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:08.501113892 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501147032 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501174927 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501230001 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501256943 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501307011 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501339912 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501373053 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501391888 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501405954 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501419067 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501432896 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501445055 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501471043 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501482964 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501508951 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501518965 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501529932 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501540899 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501559019 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.501569033 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506364107 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506372929 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506390095 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506397009 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506460905 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506469965 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506478071 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506594896 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.506603003 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:08.952850103 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:09.027762890 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:20.864701986 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:20.869467020 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:21.266925097 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:21.266948938 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:21.267010927 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:21.267095089 CET50011587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:21.271887064 CET58750011212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:21.278156042 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:21.283026934 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:21.283093929 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:21.876838923 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:21.876998901 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:21.881858110 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.073160887 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.073299885 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:22.078115940 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.269594908 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.269778013 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:22.274595022 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.482578039 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.482722998 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:22.487520933 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.678770065 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.678982973 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:22.683850050 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.928091049 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:22.929713964 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:22.934561968 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.125801086 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.129880905 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.129940033 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.129940033 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.130042076 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.132216930 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.134749889 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.134764910 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.134773970 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.134839058 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.134882927 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.137164116 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.137173891 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.137192011 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.137200117 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.137224913 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.137247086 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.137257099 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.137286901 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.137346029 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.137351036 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.137537003 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.138222933 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.138231993 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.139775991 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.139878988 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.142131090 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.142220020 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.142350912 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.142354965 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.142364025 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.142393112 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.142432928 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.142436028 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.142481089 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.142522097 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.142589092 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.144745111 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.144803047 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.144855022 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.144990921 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.147186041 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147200108 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147237062 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147283077 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.147303104 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:23.147310019 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147356033 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147413969 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147470951 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147486925 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147555113 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147672892 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147819996 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.147828102 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.149566889 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.149576902 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.149584055 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.149593115 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.149833918 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.149842024 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.149919033 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.150005102 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.150012970 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.150023937 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.150041103 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.151700974 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.151724100 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.151781082 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.151788950 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.151859999 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152192116 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152199984 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152215958 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152224064 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152278900 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152287960 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152358055 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152367115 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152400017 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.152410030 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.612970114 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:23.715338945 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:24.035017014 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:24.039881945 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:24.433423042 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:24.433475018 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:24.433527946 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:24.433573008 CET50013587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:24.435362101 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:24.438390017 CET58750013212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:24.440222025 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:24.440301895 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:25.031646013 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.031812906 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:25.036664963 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.226607084 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.226735115 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:25.231527090 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.421880007 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.422347069 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:25.427198887 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.635957003 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.636166096 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:25.641030073 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.831227064 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:25.831357956 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:25.836174011 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.081054926 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.081192017 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.086086035 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.276165009 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.281665087 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.281665087 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.281817913 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.281817913 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.283046007 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.288765907 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288779974 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288788080 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288849115 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288857937 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288866997 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288908005 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.288908005 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.288957119 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288965940 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288974047 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288981915 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288990021 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.288997889 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.289005995 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.289006948 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.289033890 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.289055109 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.293751955 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.293812037 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.293854952 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.293883085 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.293889046 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.293916941 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.294006109 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.317795038 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.317945004 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.318994045 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.319250107 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.319341898 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:26.319560051 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.323441029 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.323451996 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.323461056 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.323470116 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.323477983 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324404955 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324414015 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324421883 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324507952 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324517965 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324527025 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324534893 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324543953 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324636936 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324645996 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324655056 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324662924 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.324671030 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.739341021 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:26.824687004 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:30.128128052 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:30.133053064 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:30.524027109 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:30.524041891 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:30.524266005 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:30.524266005 CET50009587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:30.529109001 CET58750009212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:30.529225111 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:30.534014940 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:30.534394026 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:31.123563051 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.123692036 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:31.128607035 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.318489075 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.318706036 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:31.323544025 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.513946056 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.514170885 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:31.519047022 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.727870941 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.728264093 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:31.733143091 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.927766085 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:31.931679010 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:31.936517000 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.178313971 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.181756020 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.186654091 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.386714935 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.387082100 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.387140989 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.387140989 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.387345076 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.389621973 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.391994953 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.392021894 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.392049074 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.392143011 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.392157078 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.394468069 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394479036 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394493103 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394503117 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394534111 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394545078 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394561052 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.394589901 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394601107 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394613028 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.394617081 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.394632101 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.394642115 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.394707918 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.397008896 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.397072077 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.399388075 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399430037 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399446964 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.399462938 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399563074 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399584055 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399594069 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399610043 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.399662018 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.399684906 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399694920 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399704933 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.399861097 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.402056932 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.402117014 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.404228926 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.404284954 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.404396057 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:32.404552937 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.404653072 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.404712915 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.404829979 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.404928923 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405005932 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405016899 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405112982 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405124903 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405225992 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405236006 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405281067 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405291080 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405333042 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405343056 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405380011 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405390024 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405464888 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405474901 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405483961 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405494928 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.405507088 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.406985044 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.406996012 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.407006979 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.407073975 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.409260035 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.409271955 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.409282923 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.409322023 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.409332037 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:32.851869106 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:33.027837992 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:34.709378958 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:34.714396954 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:35.137958050 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:35.137993097 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:35.138050079 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:35.159248114 CET50015587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:35.162765026 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:35.164170027 CET58750015212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:35.167620897 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:35.167695999 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:35.764627934 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:35.824719906 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:35.869609118 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:35.874501944 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.065593958 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.065762043 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:36.070636034 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.262204885 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.262712002 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:36.267608881 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.501848936 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.502249002 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:36.507091045 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.698129892 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.698328018 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:36.703351021 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.944200039 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:36.944447041 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:36.949300051 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.141834974 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.142117977 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.142158031 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.142205000 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.142266035 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.143757105 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.147017002 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.147036076 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.147048950 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.147063971 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.147145987 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.148674965 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148694038 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148726940 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.148751974 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.148777008 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148791075 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148802042 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148817062 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.148824930 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148838043 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148847103 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.148849010 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148860931 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.148876905 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.148906946 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.151983023 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.152031898 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.153789043 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.153830051 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.153858900 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.153867006 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.153884888 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.153897047 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.153919935 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.153937101 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.153947115 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.153976917 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.153979063 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.154026031 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.154027939 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.154071093 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.154078007 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.154124022 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.156889915 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.156944990 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.158823967 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.158864021 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.158886909 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.158911943 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:37.158948898 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.159240007 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.159441948 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.161818027 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.161834955 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.161850929 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.161916018 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.163724899 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.163825989 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.163839102 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.163868904 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.163881063 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.164038897 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.164105892 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.600169897 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:37.656627893 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:42.922630072 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:42.927453995 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.059659958 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.064496040 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.064555883 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.323719025 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.323808908 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.323836088 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.323878050 CET50016587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.325280905 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.328599930 CET58750016212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.330131054 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.330192089 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.654836893 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.659612894 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.664500952 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.854235888 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.859663010 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.864483118 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.914983988 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:43.919672966 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:43.924623013 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.054807901 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.055396080 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.060271025 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.117368937 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.117701054 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.122603893 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.269359112 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.270061016 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.274930000 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.312671900 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.313371897 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.318259001 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.464277983 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.464483023 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.469356060 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.522588015 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.528156042 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.533137083 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.704405069 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.704607010 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.709449053 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.722718954 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.723342896 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.728203058 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.899172068 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.899576902 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.899578094 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.899578094 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.899682999 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.901076078 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.904601097 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.904607058 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.904624939 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.904642105 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.904685020 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.905996084 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906028986 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906058073 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906071901 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906075954 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.906085014 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906100988 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906120062 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.906143904 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906157017 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906169891 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.906169891 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.906239986 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.909514904 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.909574032 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.911024094 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911086082 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.911102057 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911143064 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911164999 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.911185980 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911207914 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.911238909 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.911243916 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911302090 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.911392927 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911421061 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911437988 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911457062 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.911490917 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.911551952 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.914654970 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.914721012 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.916075945 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916100025 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916142941 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916157007 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916162014 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.916168928 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916193008 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916205883 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916220903 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916260958 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916285038 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916393995 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916429043 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916477919 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916495085 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916512966 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916542053 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.916558981 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.917377949 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.917396069 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.917448044 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.917481899 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.917499065 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.917516947 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.917534113 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.919629097 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.920780897 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.920799017 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.920814991 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.921091080 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.921106100 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.921214104 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.921231031 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.921260118 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.967219114 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:44.967340946 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:44.972286940 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.161616087 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.161920071 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.161986113 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.162018061 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.162158012 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.163681030 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.163708925 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.166754961 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.166872025 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.166887999 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.166923046 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.166930914 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.168582916 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168597937 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168654919 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168659925 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.168669939 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168684959 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168704033 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168728113 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.168737888 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168755054 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168761969 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.168777943 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.168778896 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.168802977 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.168824911 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.171787977 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.171834946 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173681021 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173697948 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173727989 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173758030 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173772097 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173805952 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173818111 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173846006 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173856020 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173885107 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173898935 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173942089 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173944950 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173962116 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.173990011 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.173990965 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.174006939 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.174041033 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.176764965 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.176819086 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.178706884 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.178767920 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.178802967 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.178905010 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.178924084 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179064035 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179095984 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179137945 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179162025 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179179907 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179245949 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179347992 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179380894 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179393053 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179409981 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179447889 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179465055 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179481983 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179510117 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179526091 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179569006 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179583073 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179641008 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179655075 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.179673910 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.181633949 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.181740046 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.181755066 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.181801081 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.183573008 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.183588028 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.183634043 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.183712959 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.183731079 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.353095055 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.418519020 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:45.615395069 CET58750018212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:45.692975998 CET50018587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:48.243124008 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:48.248054981 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:48.639465094 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:48.639533997 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:48.639821053 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:48.639821053 CET50017587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:48.643708944 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:48.644700050 CET58750017212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:48.648572922 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:48.648729086 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:49.234462023 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:49.234769106 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:49.239658117 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:49.428610086 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:49.428781986 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:49.433763981 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:49.622834921 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:49.628114939 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:49.633028030 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:49.836313009 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:49.836529970 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:49.841480970 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.037955046 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.070084095 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.075018883 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.309096098 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.310980082 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.315893888 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.505007982 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.505352974 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.505353928 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.505471945 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.505471945 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.506539106 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.510354042 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.510387897 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.510416985 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.510497093 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.510560989 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511449099 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511554956 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.511567116 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511595964 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511641979 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.511671066 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511701107 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511723042 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.511750937 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511779070 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511779070 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.511833906 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511862040 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.511873007 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.511910915 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.511941910 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.515384912 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.515508890 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.516720057 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.516815901 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.516825914 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.516853094 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.516904116 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.516910076 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.516942024 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.516964912 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.517004967 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.517009974 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.517080069 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.517108917 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.517113924 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.517137051 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.517154932 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.517226934 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.520524979 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522094965 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522129059 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522182941 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522212982 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:50.522217035 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522294044 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522326946 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522378922 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522412062 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522464991 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522519112 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522547960 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522599936 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522628069 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522680998 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522708893 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522762060 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522790909 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522821903 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522850037 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522898912 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522927046 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522954941 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.522983074 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.523010015 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.527935028 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.527966022 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.528017998 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.528045893 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.528099060 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.528127909 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.528191090 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.528218985 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.528249025 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:50.965713024 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:51.027895927 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:55.858501911 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:55.863656044 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:56.255269051 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:56.255354881 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:56.255475998 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:56.255811930 CET50019587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:56.256639004 CET50020587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:56.260279894 CET58750019212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:56.261610031 CET58750020212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:56.261918068 CET50020587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:56.793803930 CET50020587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:56.798933983 CET58750020212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:56.798991919 CET50020587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:57.375052929 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:57.381057024 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:57.381135941 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:57.968069077 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:57.973679066 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:57.978482962 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.168167114 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.169864893 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:58.174765110 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.369111061 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.370098114 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:58.374924898 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.585093021 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.585357904 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:58.590756893 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.780577898 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:58.780719042 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:58.787574053 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.022542953 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.022677898 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.027510881 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.217644930 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.217967987 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.218007088 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.218049049 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.218094110 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.219604015 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.222774982 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.222800016 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.222810030 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.222853899 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.222959995 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224498034 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224508047 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224517107 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224531889 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224541903 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224570036 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.224598885 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.224603891 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224613905 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.224657059 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.227505922 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.227516890 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.227555037 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.227570057 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.227742910 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.227790117 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.229441881 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.229463100 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.229474068 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.229530096 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.229593992 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.229608059 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.229645014 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.229659081 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.229686022 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.229785919 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.229789019 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.229841948 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.232352972 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.232414007 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.232429028 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.232480049 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.232546091 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.232604980 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.234379053 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234437943 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:43:59.234484911 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234546900 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234587908 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234613895 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234740019 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234790087 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234843969 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234854937 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.234909058 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.235033035 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.235043049 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.235052109 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.235061884 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.235070944 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.235081911 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.237188101 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239142895 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239197969 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239284039 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239293098 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239319086 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239327908 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239343882 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239352942 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239485979 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239495039 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239502907 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239506006 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239520073 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239528894 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239568949 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.239578009 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.728949070 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:43:59.825687885 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:00.005722046 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:00.010863066 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:00.403544903 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:00.403628111 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:00.403990984 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:00.404234886 CET50014587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:00.405694008 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:00.408813953 CET58750014212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:00.410470963 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:00.410701036 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:01.014897108 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.015068054 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:01.019886017 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.213073969 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.213406086 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:01.218348026 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.411942005 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.412332058 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:01.417152882 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.625035048 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.647099972 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:01.651972055 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.845330954 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:01.851749897 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:01.856657982 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.106352091 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.106718063 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.112348080 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.304672003 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.306061983 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.306061983 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.306106091 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.306179047 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.307517052 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.310878992 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312148094 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312159061 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312167883 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312271118 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.312326908 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312448978 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.312509060 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312520027 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312558889 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312567949 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312581062 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.312598944 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.312614918 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.312679052 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.313519955 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.313529968 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.313538074 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.313612938 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.317078114 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.317224026 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.317353964 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.317380905 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.317420006 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.317503929 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.317548037 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.317584991 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.317595005 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.317711115 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.318389893 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.318521976 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.318542004 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.318553925 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.318656921 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.322216988 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322309017 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322336912 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322340012 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.322376013 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322405100 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322406054 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:02.322474003 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322606087 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322659969 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322670937 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.322731018 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323184967 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323194027 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323201895 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323354006 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323364019 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323371887 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323431015 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323441029 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323457956 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.323468924 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.326960087 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.326968908 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.326977968 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.326987982 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.326998949 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327198982 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327208996 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327246904 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327256918 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327318907 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327330112 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327368975 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327378988 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.327387094 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.768256903 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:02.824774981 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:03.761871099 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:03.766778946 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.163575888 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.163676023 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:04.163758993 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.163805962 CET50022587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:04.164527893 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:04.168443918 CET58750022212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.169409037 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.169465065 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:04.754967928 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.755091906 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:04.760098934 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.949564934 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:04.949728012 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:04.954585075 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.144316912 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.148463011 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.153338909 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.361375093 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.361501932 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.366442919 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.555880070 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.556046009 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.561681032 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.800333977 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.800502062 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.805548906 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.995090008 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:05.995357990 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.995417118 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.995417118 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.995491028 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:05.997013092 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.000248909 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.000261068 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.000271082 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.000339985 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.000368118 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.002262115 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002273083 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002290964 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002300978 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002310038 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002332926 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002342939 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002351999 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.002394915 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002405882 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.002439022 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.005206108 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.005302906 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.007731915 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.007890940 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.010242939 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.010339022 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.012742996 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.012783051 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.012795925 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.012819052 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.012892008 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.012902021 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.012943983 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.012994051 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.013021946 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.013061047 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.013099909 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.013109922 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.013150930 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.013160944 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.015253067 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.015263081 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.015270948 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.015284061 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017677069 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017738104 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017748117 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017766953 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017776966 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017836094 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017846107 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017857075 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017867088 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017884970 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017894983 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017904997 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.017916918 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.018032074 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.018042088 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.018157005 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:06.022970915 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.458679914 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:06.528774977 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:09.779714108 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:09.784480095 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.176616907 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.176645041 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.176743984 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:10.176800966 CET50023587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:10.177973032 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:10.181700945 CET58750023212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.182917118 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.183048964 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:10.802951097 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.803123951 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:10.808056116 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.963255882 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:10.968327999 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.997549057 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:10.997776985 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:11.003082037 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:11.192467928 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:11.234791040 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:11.360269070 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:11.360372066 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:11.360435963 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.498435974 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.498688936 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.503334045 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:14.503815889 CET58750024212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:14.504228115 CET50024587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.545563936 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.550403118 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:14.550749063 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.708600998 CET50021587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.708765030 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:14.713479996 CET58750021212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:14.713582039 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:14.713788986 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.154799938 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.154918909 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.159744978 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.312625885 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.312767982 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.317564011 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.353018045 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.353159904 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.358007908 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.508991003 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.509164095 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.514005899 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.557992935 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.558175087 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.562983036 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.705519915 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.705688953 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.710546970 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.770289898 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.770421982 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.775240898 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.915554047 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.915683985 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.920465946 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.968208075 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:15.968333960 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:15.973140001 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.111355066 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.111507893 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.116400003 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.210967064 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.211333990 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.216197014 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.350384951 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.350552082 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.355340958 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.409223080 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.409686089 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.409686089 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.409686089 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.409745932 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.410830021 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.414494038 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.414505959 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.414515018 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.414671898 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.414710999 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.415741920 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415752888 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415760994 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415801048 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415811062 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.415823936 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415833950 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415852070 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415855885 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415858984 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.415859938 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.415911913 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.415932894 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.419564962 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.419630051 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.420592070 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420634031 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420672894 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420701027 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420720100 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420734882 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.420768023 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.420825005 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420835972 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420845985 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420855045 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.420876026 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.420953989 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.424591064 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.424731016 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.425549984 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425618887 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425635099 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.425679922 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425813913 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425825119 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425836086 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425863028 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425929070 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.425991058 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426114082 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426122904 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426126957 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426184893 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426194906 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426281929 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426291943 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426326990 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426372051 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426424026 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426433086 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426495075 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426506042 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426515102 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.426523924 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.429522991 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430444002 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430454016 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430466890 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430481911 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430500031 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430509090 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430516958 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.430526018 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.547022104 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.547282934 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.547282934 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.547343016 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.547343016 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.549911022 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.552175999 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.552190065 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.552200079 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.552249908 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.552405119 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.554733992 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.554744005 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.554760933 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.554770947 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.554786921 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.554797888 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.554802895 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.554807901 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.554831028 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.554874897 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.555058002 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.555068016 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.555123091 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.557235956 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.557421923 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.559587002 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.559665918 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.559717894 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.559766054 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.559776068 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.559777021 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.559807062 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.559855938 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.559885979 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.559921026 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.560024023 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.562277079 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.562352896 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.564678907 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.564730883 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.564742088 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.564768076 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.564796925 CET50026587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:16.564802885 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.564814091 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.564824104 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.564842939 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565007925 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565017939 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565036058 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565045118 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565053940 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565057993 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565073013 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565083027 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565093040 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565100908 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565126896 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565135956 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565192938 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565201998 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565211058 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.565222979 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.567238092 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.567248106 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.567256927 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.567329884 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.569606066 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.569616079 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.569648027 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.569658041 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.569703102 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.569713116 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.569721937 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.872215033 CET58750025212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:16.918571949 CET50025587192.168.2.6212.44.102.65
                                            Jan 15, 2025 08:44:17.008769989 CET58750026212.44.102.65192.168.2.6
                                            Jan 15, 2025 08:44:17.059189081 CET50026587192.168.2.6212.44.102.65

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 15, 2025 08:40:07.138700962 CET6509353192.168.2.61.1.1.1
                                            Jan 15, 2025 08:40:07.145519018 CET53650931.1.1.1192.168.2.6
                                            Jan 15, 2025 08:40:09.180217981 CET5829453192.168.2.61.1.1.1
                                            Jan 15, 2025 08:40:09.233484030 CET53582941.1.1.1192.168.2.6

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Jan 15, 2025 08:40:07.138700962 CET192.168.2.61.1.1.10x4ae4Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                            Jan 15, 2025 08:40:09.180217981 CET192.168.2.61.1.1.10xc5b2Standard query (0)mail.stilbo.euA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Jan 15, 2025 08:40:07.145519018 CET1.1.1.1192.168.2.60x4ae4No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                            Jan 15, 2025 08:40:07.145519018 CET1.1.1.1192.168.2.60x4ae4No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                            Jan 15, 2025 08:40:07.145519018 CET1.1.1.1192.168.2.60x4ae4No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                            Jan 15, 2025 08:40:09.233484030 CET1.1.1.1192.168.2.60xc5b2No error (0)mail.stilbo.eu212.44.102.65A (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • api.ipify.org

                                            HTTPS Proxied Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.649711104.26.13.2054437140C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-15 07:40:07 UTC155OUTGET / HTTP/1.1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                            Host: api.ipify.org
                                            Connection: Keep-Alive
                                            2025-01-15 07:40:07 UTC426INHTTP/1.1 200 OK
                                            Date: Wed, 15 Jan 2025 07:40:07 GMT
                                            Content-Type: text/plain
                                            Content-Length: 12
                                            Connection: close
                                            Vary: Origin
                                            CF-Cache-Status: DYNAMIC
                                            Server: cloudflare
                                            CF-RAY: 902437454fe6369c-YYZ
                                            server-timing: cfL4;desc="?proto=TCP&rtt=60622&min_rtt=13936&rtt_var=34261&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=769&delivery_rate=209529&cwnd=32&unsent_bytes=0&cid=6d6b4884a0fd8239&ts=243&x=0"
                                            2025-01-15 07:40:07 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                            Data Ascii: 8.46.123.189


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            1192.168.2.649717104.26.13.2054436820C:\Users\user\AppData\Roaming\RvUJzKx.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-15 07:40:12 UTC155OUTGET / HTTP/1.1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                            Host: api.ipify.org
                                            Connection: Keep-Alive
                                            2025-01-15 07:40:12 UTC425INHTTP/1.1 200 OK
                                            Date: Wed, 15 Jan 2025 07:40:12 GMT
                                            Content-Type: text/plain
                                            Content-Length: 12
                                            Connection: close
                                            Vary: Origin
                                            CF-Cache-Status: DYNAMIC
                                            Server: cloudflare
                                            CF-RAY: 9024375fec62a234-YYZ
                                            server-timing: cfL4;desc="?proto=TCP&rtt=13717&min_rtt=13707&rtt_var=5161&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=769&delivery_rate=211732&cwnd=32&unsent_bytes=0&cid=5b8f81c181b1fab7&ts=186&x=0"
                                            2025-01-15 07:40:12 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                            Data Ascii: 8.46.123.189


                                            SMTP Packets

                                            TimestampSource PortDest PortSource IPDest IPCommands
                                            Jan 15, 2025 08:40:09.925712109 CET58749714212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:40:09 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:40:09.926049948 CET49714587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:40:10.121700048 CET58749714212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:40:10.122991085 CET49714587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:40:10.325176001 CET58749714212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:40:10.562782049 CET58749714212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:40:10.563285112 CET49714587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:40:10.770340919 CET58749714212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:40:10.770765066 CET49714587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:40:11.017138958 CET58749714212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:40:11.025093079 CET49714587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:40:11.220256090 CET58749714212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:40:11.220942974 CET49714587192.168.2.6212.44.102.65.
                                            Jan 15, 2025 08:40:11.448425055 CET58749714212.44.102.65192.168.2.6250 OK id=1tXy0Z-0001pU-0P
                                            Jan 15, 2025 08:40:13.412331104 CET58749724212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:40:13 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:40:13.412524939 CET49724587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:40:13.629858971 CET58749724212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:40:13.635843992 CET49724587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:40:13.831886053 CET58749724212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:40:14.081362963 CET58749724212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:40:14.081638098 CET49724587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:40:14.278748989 CET58749724212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:40:14.278915882 CET49724587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:40:14.529468060 CET58749724212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:40:14.530071974 CET49724587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:40:14.725944996 CET58749724212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:40:14.726643085 CET49724587192.168.2.6212.44.102.65.
                                            Jan 15, 2025 08:40:14.998917103 CET58749724212.44.102.65192.168.2.6250 OK id=1tXy0c-0001qv-22
                                            Jan 15, 2025 08:41:24.292192936 CET49714587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:41:24.689810991 CET58749714212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:41:25.298851013 CET58749994212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:41:25 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:41:25.299032927 CET49994587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:41:25.497714996 CET58749994212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:41:25.497910976 CET49994587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:41:25.696139097 CET58749994212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:41:25.943561077 CET58749994212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:41:25.945471048 CET49994587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:41:26.143412113 CET58749994212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:41:26.143606901 CET49994587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:41:26.412873983 CET58749994212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:41:26.413207054 CET49994587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:41:26.611443043 CET58749994212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:41:27.176697016 CET58749994212.44.102.65192.168.2.6250 OK id=1tXy1m-00027Z-1f
                                            Jan 15, 2025 08:41:34.709935904 CET49724587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:41:35.108774900 CET58749724212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:41:35.702776909 CET58749996212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:41:35 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:41:35.702933073 CET49996587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:41:35.897150993 CET58749996212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:41:35.897429943 CET49996587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:41:36.110727072 CET58749996212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:41:36.319070101 CET58749996212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:41:36.321355104 CET49996587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:41:36.515906096 CET58749996212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:41:36.516021967 CET49996587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:41:36.765903950 CET58749996212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:41:36.766086102 CET49996587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:41:36.960134029 CET58749996212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:41:37.439608097 CET58749996212.44.102.65192.168.2.6250 OK id=1tXy1w-0002BR-2n
                                            Jan 15, 2025 08:41:39.960433960 CET49996587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:41:40.357811928 CET58749996212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:41:40.984235048 CET58749997212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:41:40 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:41:40.984375000 CET49997587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:41:41.184407949 CET58749997212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:41:41.184571981 CET49997587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:41:41.388041019 CET58749997212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:41:41.647067070 CET58749997212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:41:41.649408102 CET49997587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:41:41.849107027 CET58749997212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:41:41.853272915 CET49997587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:41:42.113255024 CET58749997212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:41:42.113564014 CET49997587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:41:42.313498974 CET58749997212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:41:42.777141094 CET58749997212.44.102.65192.168.2.6250 OK id=1tXy22-0002DI-0h
                                            Jan 15, 2025 08:42:02.926213980 CET49997587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:03.329153061 CET58749997212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:04.114955902 CET58749999212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:03 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:04.115557909 CET49999587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:04.309883118 CET58749999212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:04.313532114 CET49999587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:42:04.508640051 CET58749999212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:42:04.722531080 CET58749999212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:42:04.722662926 CET49999587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:42:04.921024084 CET58749999212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:42:04.921170950 CET49999587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:42:05.173600912 CET58749999212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:42:05.174046040 CET49999587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:42:05.368990898 CET58749999212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:42:05.390924931 CET49999587192.168.2.6212.44.102.65.
                                            Jan 15, 2025 08:42:05.879434109 CET58749999212.44.102.65192.168.2.6250 OK id=1tXy2P-0002GX-0t
                                            Jan 15, 2025 08:42:20.702733994 CET49999587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:21.099611044 CET58749999212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:21.695286989 CET58750001212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:21 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:21.700335026 CET50001587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:21.895622015 CET58750001212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:21.897586107 CET50001587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:42:22.093012094 CET58750001212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:42:22.306224108 CET58750001212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:42:22.309845924 CET50001587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:42:22.504766941 CET58750001212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:42:22.512413025 CET50001587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:42:22.759773016 CET58750001212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:42:22.759938955 CET50001587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:42:22.955385923 CET58750001212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:42:23.457259893 CET58750001212.44.102.65192.168.2.6250 OK id=1tXy2g-0002LZ-2m
                                            Jan 15, 2025 08:42:23.609373093 CET50001587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:24.006398916 CET58750001212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:24.602267027 CET58750002212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:24 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:24.602474928 CET50002587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:24.796267033 CET58750002212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:24.798405886 CET50002587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:42:24.992692947 CET58750002212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:42:25.206706047 CET58750002212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:42:25.278711081 CET50002587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:42:25.473020077 CET58750002212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:42:25.473162889 CET50002587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:42:25.717670918 CET58750002212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:42:25.721400023 CET50002587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:42:25.923404932 CET58750002212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:42:26.436800003 CET58750002212.44.102.65192.168.2.6250 OK id=1tXy2j-0002Mi-2e
                                            Jan 15, 2025 08:42:30.701965094 CET50002587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:31.098568916 CET58750002212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:31.691896915 CET58750003212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:31 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:31.692764997 CET50003587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:31.887778997 CET58750003212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:31.888030052 CET50003587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:42:32.083301067 CET58750003212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:42:32.323121071 CET58750003212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:42:32.323364973 CET50003587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:42:32.518285990 CET58750003212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:42:32.518877029 CET50003587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:42:32.626959085 CET49994587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:32.763081074 CET58750003212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:42:32.763211966 CET50003587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:42:32.958173990 CET58750003212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:42:33.027595997 CET58749994212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:33.421720982 CET58750003212.44.102.65192.168.2.6250 OK id=1tXy2q-0002NJ-2n
                                            Jan 15, 2025 08:42:33.622785091 CET58750004212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:33 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:33.622994900 CET50004587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:33.817313910 CET58750004212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:33.817573071 CET50004587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:42:34.023073912 CET58750004212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:42:34.238832951 CET58750004212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:42:34.239784002 CET50004587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:42:34.433959007 CET58750004212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:42:34.434118032 CET50004587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:42:34.675544977 CET58750004212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:42:34.675803900 CET50004587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:42:34.863714933 CET50003587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:34.870657921 CET58750004212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:42:35.261584044 CET58750003212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:35.422125101 CET58750004212.44.102.65192.168.2.6250 OK id=1tXy2s-0002NV-2V
                                            Jan 15, 2025 08:42:35.854845047 CET58750005212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:35 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:35.855633974 CET50005587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:36.049984932 CET58750005212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:36.050985098 CET50005587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:42:36.245986938 CET58750005212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:42:36.456135988 CET58750005212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:42:36.456505060 CET50005587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:42:36.650705099 CET58750005212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:42:36.652502060 CET50005587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:42:36.905750990 CET58750005212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:42:36.989936113 CET50005587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:42:37.184591055 CET58750005212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:42:37.207036018 CET50005587192.168.2.6212.44.102.65.
                                            Jan 15, 2025 08:42:37.645283937 CET58750005212.44.102.65192.168.2.6250 OK id=1tXy2v-0002Nh-0I
                                            Jan 15, 2025 08:42:57.303934097 CET50004587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:57.701718092 CET58750004212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:57.741215944 CET50005587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:42:58.137993097 CET58750005212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:42:58.312588930 CET58750006212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:58 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:58.312870026 CET50006587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:58.532712936 CET58750006212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:58.532883883 CET50006587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:42:58.728929043 CET58750006212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:42:58.746793985 CET58750007212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:58 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:58.746922016 CET50007587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:58.967173100 CET58750006212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:42:58.967369080 CET50006587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:42:59.163362026 CET58750006212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:42:59.163548946 CET50006587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:42:59.409013033 CET58750006212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:42:59.409188032 CET50006587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:42:59.605465889 CET58750006212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:42:59.617593050 CET50006587192.168.2.6212.44.102.65220N21oLqH
                                            7Sq7mh8wbwPUr1xWXosSy6hc3EUqS2UTMtsy8jLENJg98Nx+YpLzSby6nv4o3S2tLqJ1
                                            bEpcu5UANtKjbjHZufTuACzN4i0iL7Of7QtnWeUxK6TIVBAycnP0H1I9aWy1uz1AK1nP
                                            A6+c0L7pgDkZ6AZznbkdOOaz4NHvohbyrbwLPDOsjBr6aYSAIy/edSVxu4HNTRaTeLJE
                                            rGARw30lyrBySyuH4I28EFx3NAGpb6hY3Tulte28zIAzLHKrFQehODwKYmraY8DzpqNq
                                            0KDLyCZSqjOMk545GKxm0F4tLtoXlt4Vg0+W2lf+HLbTnoMr8pJziqtmsur3d/PDFZTF
                                            Y4EVra6YR71LHiUJyQCDjHcA0AdZDLFPCksMiSRuMq6EEMPUEU+q9ilzHZQpdyiW4Cjz
                                            HHQn8AP5D6CrFABRRRQAUUUUAFFFFABUN5/x5T/9c2/lU1Q3n/HlP/1zb+VAHkln/qBU
                                            9Q2f+oFT19PD4UfOz+JiUlLRVEjaDS0UDENFFFABSUUGgYUlLSUAJiilpKBie9FLR9aA
                                            EpMUtHTmgYlFFH0oGJRRRQAfhRRR7UDEopaSgBKKWkoAKSlooGJRR+FFABSUtJQMKKKK
                                            ACkoooGFH0o/GigBKOvrRR9KADmij3oxQMMUUD8aPegBMUtFJ9aACjiiigA/lSUtJQMK
                                            KWkoAKPpRRQB01IxwpPoKWkPNSeIVpZLRpGtPt0oP2Upjy18kTE+YG8zf64X7valt7rz
                                            G0+RfsX9nloPMLmPzA2R5m/PzYzn/ZxipfJj2kbBg037LB/zzFcCwkk7qR6bx0WrOOxF
                                            YX8kwWTZp6H7WRciYRriAAbdgPX+L7vzZx7U21vFFhZSZszapBcecJGQzqd8hjUAncDy
                                            Pu+vPGKnNtAcZjXik+yW/wDzyWpeCk/tGqzGC+wPi1CCCDTpGltS6XNs3m7oixU58zKB
                                            dy7c4yxJyMjFMtjMTKZzEZC5yYdmz2xs+X8qPslvnPkrUqIqDCjArajh5Qnzt3OfEYuN
                                            WmqcY22FooorrOAKKKKACiiigAooooAKKKKACiikoAWkpaSgAooooAKKKKACiiigAooo
                                            oGFFFFABSUtJQAUUUUAFFFFMBKKKKBhiiiigAooooAKKKKACiiikAlFFFMApKWigYlFL
                                            SUAFFFFABRRRTASilpKBhS0lFAC7jRlT1FJRQAu0HoaaUYUuaXJoAZikqXd6jNJhT7UW
                                            Hcjop5T0OaaQR2NAXEpKWikMSiiimMSilpKACkpaKAErY8K/8htP9xv5VkVseFf+Q0n+
                                            438q58T/AAZHThf40TuKKK5HTtYvNRuBa29+73AXLKI1GMdeSteHToyqJuPQ+gnPk6N+
                                            h1csscKF5ZFRB1ZjgU+uI1KS9uJHF1cmSODJQbVwxHqMYNdvSnTcEm+ooVIzbS6BRXL6
                                            dqs8uqiP+0/tLG5njmtMR/uI1LbX+UBh0UfMTndVmDxdptxHLJCskgjKYCNGzOGYKCAG
                                            JHJHDYPPSszQ36Ky11uHddeZbTxR2ibp5GKERnaG2kBi2cHsMehpja/FFDI9xZXcDp5Z
                                            8plUswdtqkbWI69s59qANeisiTX4IrGe5ltpojbyiKWKV4kZCQCOS4XGCOjd6rf20Jbk
                                            zLNMto8FtJGERd2ZJGXnI6HgH2zigDoKKyG8QWsdndXkkUqW0DmPzWaPDtu24HzZHP8A
                                            e21a0rUoNVs/tNv93cVI3K2CPdSVP4E0AXaKKKACiiigAooooAKKKKACiiigAqG8/wCP
                                            Kf8A65t/KpqhvP8Ajyn/AOubfyoA8ls/9QKnqCz/ANQKnr6eHwo+cn8TEopaDVkiUlLS
                                            YpDCkpaPagYlFHWigBKKWm0DCilpKBhSGiigApKXFFADaKWjrQMbiil9qTt1oGFFFBoG
                                            FJR0ooAKKOaT3oAKKKKYwpKWkxSAKKMelHegApKWj60DENFFFACetGKWjpTGJ9aKPwoo
                                            AMe9JS0lIAopTjvSdBQMSjHvS0UwEoo/GjigAoooxSGJRRR39aACij2ooA6aiiipPECi
                                            iigAopVVnYKoJYnAA71qXWiyW9gJ926Qcuo6AVz1sVSoyjCpKzlojanQqVYuUFdLcyqK
                                            KK6DESiiigYUUUtACUUUUAFFFFABRRRQAUUUUAJS0VPb2dzdKWggeQLwdoziplJRV5Ox
                                            UYSm7RVyCirn9k6j/wA+U3/fBo/srUf+fKb/AL4NR7an/MvvNPq9b+R/cylRU09tPbnE
                                            0TRnOPmGP89ahq4yUldO5nKMoO0lZhRRRVEhRRRQMKKlt7eW6nWCBN8jZwuQM8Z71e/4
                                            R/Vf+fT/AMiJ/jWUq1ODtJm0MPVqLmjG6MyitP8A4R/Vf+fT/wAiJ/jVW8067sdn2mEx
                                            784+YHpjP
                                            Jan 15, 2025 08:42:59.618406057 CET58750009212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:42:59 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:42:59.618572950 CET50009587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:42:59.812207937 CET58750009212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:42:59.812522888 CET50009587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:00.006330013 CET58750009212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:00.086689949 CET58750006212.44.102.65192.168.2.6250 OK id=1tXy3H-0002RI-1e
                                            Jan 15, 2025 08:43:00.193291903 CET50006587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:00.216340065 CET58750009212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:00.216989040 CET50009587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:00.413558960 CET58750009212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:00.414093018 CET50009587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:00.592531919 CET58750006212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:00.656189919 CET58750009212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:00.656502008 CET50009587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:00.850260019 CET58750009212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:01.196718931 CET58750010212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:01 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:01.196903944 CET50010587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:01.304774046 CET58750009212.44.102.65192.168.2.6250 OK id=1tXy3I-0002RV-2R
                                            Jan 15, 2025 08:43:01.392858982 CET58750010212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:01.393016100 CET50010587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:01.589380026 CET58750010212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:01.800961971 CET58750010212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:01.801460028 CET50010587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:01.997649908 CET58750010212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:02.001702070 CET50010587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:02.248784065 CET58750010212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:02.249674082 CET50010587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:02.445662022 CET58750010212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:02.911957979 CET58750010212.44.102.65192.168.2.6250 OK id=1tXy3K-0002Rr-18
                                            Jan 15, 2025 08:43:06.185606003 CET50010587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:06.584636927 CET58750010212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:07.206192970 CET58750011212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:07 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:07.206374884 CET50011587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:07.406944990 CET58750011212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:07.407182932 CET50011587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:07.607918024 CET58750011212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:07.824434042 CET58750011212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:07.825742960 CET50011587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:08.026936054 CET58750011212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:08.027151108 CET50011587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:08.274384975 CET58750011212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:08.274846077 CET50011587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:08.476052999 CET58750011212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:08.952850103 CET58750011212.44.102.65192.168.2.6250 OK id=1tXy3Q-0002Td-1D
                                            Jan 15, 2025 08:43:20.864701986 CET50011587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:21.266925097 CET58750011212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:21.876838923 CET58750013212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:21 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:21.876998901 CET50013587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:22.073160887 CET58750013212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:22.073299885 CET50013587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:22.269594908 CET58750013212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:22.482578039 CET58750013212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:22.482722998 CET50013587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:22.678770065 CET58750013212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:22.678982973 CET50013587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:22.928091049 CET58750013212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:22.929713964 CET50013587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:23.125801086 CET58750013212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:23.612970114 CET58750013212.44.102.65192.168.2.6250 OK id=1tXy3f-0002Xb-06
                                            Jan 15, 2025 08:43:24.035017014 CET50013587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:24.433423042 CET58750013212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:25.031646013 CET58750014212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:24 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:25.031812906 CET50014587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:25.226607084 CET58750014212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:25.226735115 CET50014587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:25.421880007 CET58750014212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:25.635957003 CET58750014212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:25.636166096 CET50014587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:25.831227064 CET58750014212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:25.831357956 CET50014587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:26.081054926 CET58750014212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:26.081192017 CET50014587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:26.276165009 CET58750014212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:26.739341021 CET58750014212.44.102.65192.168.2.6250 OK id=1tXy3i-0002YE-0a
                                            Jan 15, 2025 08:43:30.128128052 CET50009587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:30.524027109 CET58750009212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:31.123563051 CET58750015212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:31 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:31.123692036 CET50015587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:31.318489075 CET58750015212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:31.318706036 CET50015587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:31.513946056 CET58750015212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:31.727870941 CET58750015212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:31.728264093 CET50015587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:31.927766085 CET58750015212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:31.931679010 CET50015587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:32.178313971 CET58750015212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:32.181756020 CET50015587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:32.386714935 CET58750015212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:32.851869106 CET58750015212.44.102.65192.168.2.6250 OK id=1tXy3o-0002ab-0w
                                            Jan 15, 2025 08:43:34.709378958 CET50015587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:35.137958050 CET58750015212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:35.764627934 CET58750016212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:35 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:35.869609118 CET50016587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:36.065593958 CET58750016212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:36.065762043 CET50016587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:36.262204885 CET58750016212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:36.501848936 CET58750016212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:36.502249002 CET50016587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:36.698129892 CET58750016212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:36.698328018 CET50016587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:36.944200039 CET58750016212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:36.944447041 CET50016587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:37.141834974 CET58750016212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:37.600169897 CET58750016212.44.102.65192.168.2.6250 OK id=1tXy3t-0002ax-09
                                            Jan 15, 2025 08:43:42.922630072 CET50016587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:43.323719025 CET58750016212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:43.654836893 CET58750017212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:43 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:43.659612894 CET50017587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:43.854235888 CET58750017212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:43.859663010 CET50017587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:43.914983988 CET58750018212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:43 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:43.919672966 CET50018587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:44.054807901 CET58750017212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:44.117368937 CET58750018212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:44.117701054 CET50018587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:44.269359112 CET58750017212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:44.270061016 CET50017587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:44.312671900 CET58750018212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:44.464277983 CET58750017212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:44.464483023 CET50017587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:44.522588015 CET58750018212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:44.528156042 CET50018587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:44.704405069 CET58750017212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:44.704607010 CET50017587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:44.722718954 CET58750018212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:44.723342896 CET50018587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:44.899172068 CET58750017212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:44.967219114 CET58750018212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:44.967340946 CET50018587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:45.161616087 CET58750018212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:45.353095055 CET58750017212.44.102.65192.168.2.6250 OK id=1tXy40-0002cn-2b
                                            Jan 15, 2025 08:43:45.615395069 CET58750018212.44.102.65192.168.2.6250 OK id=1tXy41-0002co-0D
                                            Jan 15, 2025 08:43:48.243124008 CET50017587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:48.639465094 CET58750017212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:49.234462023 CET58750019212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:49 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:49.234769106 CET50019587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:49.428610086 CET58750019212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:49.428781986 CET50019587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:49.622834921 CET58750019212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:49.836313009 CET58750019212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:49.836529970 CET50019587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:50.037955046 CET58750019212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:50.070084095 CET50019587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:50.309096098 CET58750019212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:50.310980082 CET50019587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:50.505007982 CET58750019212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:50.965713024 CET58750019212.44.102.65192.168.2.6250 OK id=1tXy46-0002dI-1K
                                            Jan 15, 2025 08:43:55.858501911 CET50019587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:43:56.255269051 CET58750019212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:43:57.968069077 CET58750021212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:43:57 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:43:57.973679066 CET50021587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:43:58.168167114 CET58750021212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:43:58.169864893 CET50021587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:43:58.369111061 CET58750021212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:43:58.585093021 CET58750021212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:43:58.585357904 CET50021587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:43:58.780577898 CET58750021212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:43:58.780719042 CET50021587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:43:59.022542953 CET58750021212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:43:59.022677898 CET50021587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:43:59.217644930 CET58750021212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:43:59.728949070 CET58750021212.44.102.65192.168.2.6250 OK id=1tXy4F-0002eH-0O
                                            Jan 15, 2025 08:44:00.005722046 CET50014587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:44:00.403544903 CET58750014212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:44:01.014897108 CET58750022212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:44:00 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:44:01.015068054 CET50022587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:44:01.213073969 CET58750022212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:44:01.213406086 CET50022587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:44:01.411942005 CET58750022212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:44:01.625035048 CET58750022212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:44:01.647099972 CET50022587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:44:01.845330954 CET58750022212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:44:01.851749897 CET50022587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:44:02.106352091 CET58750022212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:44:02.106718063 CET50022587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:44:02.304672003 CET58750022212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:44:02.768256903 CET58750022212.44.102.65192.168.2.6250 OK id=1tXy4I-0002ek-0f
                                            Jan 15, 2025 08:44:03.761871099 CET50022587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:44:04.163575888 CET58750022212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:44:04.754967928 CET58750023212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:44:04 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:44:04.755091906 CET50023587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:44:04.949564934 CET58750023212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:44:04.949728012 CET50023587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:44:05.144316912 CET58750023212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:44:05.361375093 CET58750023212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:44:05.361501932 CET50023587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:44:05.555880070 CET58750023212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:44:05.556046009 CET50023587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:44:05.800333977 CET58750023212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:44:05.800502062 CET50023587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:44:05.995090008 CET58750023212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:44:06.018157005 CET50023587192.168.2.6212.44.102.65.
                                            Jan 15, 2025 08:44:06.458679914 CET58750023212.44.102.65192.168.2.6250 OK id=1tXy4L-0002gh-2u
                                            Jan 15, 2025 08:44:09.779714108 CET50023587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:44:10.176616907 CET58750023212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:44:10.802951097 CET58750024212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:44:10 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:44:10.803123951 CET50024587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:44:10.963255882 CET50021587192.168.2.6212.44.102.65QUIT
                                            Jan 15, 2025 08:44:10.997549057 CET58750024212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:44:10.997776985 CET50024587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:44:11.192467928 CET58750024212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:44:11.360269070 CET58750021212.44.102.65192.168.2.6221 rcp-9.controlpanel.si closing connection
                                            Jan 15, 2025 08:44:15.154799938 CET58750025212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:44:15 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:44:15.154918909 CET50025587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:44:15.312625885 CET58750026212.44.102.65192.168.2.6220-rcp-9.controlpanel.si ESMTP Exim 4.96.2 #2 Wed, 15 Jan 2025 08:44:15 +0100
                                            220-We do not authorize the use of this system to transport unsolicited,
                                            220 and/or bulk e-mail.
                                            Jan 15, 2025 08:44:15.312767982 CET50026587192.168.2.6212.44.102.65EHLO 549163
                                            Jan 15, 2025 08:44:15.353018045 CET58750025212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:44:15.353159904 CET50025587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:44:15.508991003 CET58750026212.44.102.65192.168.2.6250-rcp-9.controlpanel.si Hello 549163 [8.46.123.189]
                                            250-SIZE 52428800
                                            250-8BITMIME
                                            250-PIPELINING
                                            250-PIPECONNECT
                                            250-AUTH PLAIN LOGIN
                                            250-STARTTLS
                                            250 HELP
                                            Jan 15, 2025 08:44:15.509164095 CET50026587192.168.2.6212.44.102.65AUTH login Ym9nZGFuLmhhZm5lckBzdGlsYm8uZXU=
                                            Jan 15, 2025 08:44:15.557992935 CET58750025212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:44:15.705519915 CET58750026212.44.102.65192.168.2.6334 UGFzc3dvcmQ6
                                            Jan 15, 2025 08:44:15.770289898 CET58750025212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:44:15.770421982 CET50025587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:44:15.915554047 CET58750026212.44.102.65192.168.2.6235 Authentication succeeded
                                            Jan 15, 2025 08:44:15.915683985 CET50026587192.168.2.6212.44.102.65MAIL FROM:<bogdan.hafner@stilbo.eu>
                                            Jan 15, 2025 08:44:15.968208075 CET58750025212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:44:15.968333960 CET50025587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:44:16.111355066 CET58750026212.44.102.65192.168.2.6250 OK
                                            Jan 15, 2025 08:44:16.111507893 CET50026587192.168.2.6212.44.102.65RCPT TO:<jinhux31@gmail.com>
                                            Jan 15, 2025 08:44:16.210967064 CET58750025212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:44:16.211333990 CET50025587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:44:16.350384951 CET58750026212.44.102.65192.168.2.6250 Accepted
                                            Jan 15, 2025 08:44:16.350552082 CET50026587192.168.2.6212.44.102.65DATA
                                            Jan 15, 2025 08:44:16.409223080 CET58750025212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:44:16.547022104 CET58750026212.44.102.65192.168.2.6354 Enter message, ending with "." on a line by itself
                                            Jan 15, 2025 08:44:16.872215033 CET58750025212.44.102.65192.168.2.6250 OK id=1tXy4W-0002kY-10
                                            Jan 15, 2025 08:44:17.008769989 CET58750026212.44.102.65192.168.2.6250 OK id=1tXy4W-0002ka-1S

                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:02:40:04
                                            Start date:15/01/2025
                                            Path:C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                                            Imagebase:0x970000
                                            File size:797'696 bytes
                                            MD5 hash:10A2684AAE3F75A984DC63506E8ED8DC
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2142513748.0000000003D19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2142513748.0000000004582000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:3
                                            Start time:02:40:05
                                            Start date:15/01/2025
                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                                            Imagebase:0x3f0000
                                            File size:433'152 bytes
                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:4
                                            Start time:02:40:05
                                            Start date:15/01/2025
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff66e660000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:5
                                            Start time:02:40:05
                                            Start date:15/01/2025
                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\RvUJzKx.exe"
                                            Imagebase:0x3f0000
                                            File size:433'152 bytes
                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:6
                                            Start time:02:40:05
                                            Start date:15/01/2025
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff66e660000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:7
                                            Start time:02:40:05
                                            Start date:15/01/2025
                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp1B68.tmp"
                                            Imagebase:0xf10000
                                            File size:187'904 bytes
                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:8
                                            Start time:02:40:05
                                            Start date:15/01/2025
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff66e660000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:9
                                            Start time:02:40:06
                                            Start date:15/01/2025
                                            Path:C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\NEW SHIPPING DOCUMENTS.exe"
                                            Imagebase:0xe70000
                                            File size:797'696 bytes
                                            MD5 hash:10A2684AAE3F75A984DC63506E8ED8DC
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.4586675330.000000000326B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.4586675330.000000000326B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:false

                                            General

                                            Target ID:10
                                            Start time:02:40:07
                                            Start date:15/01/2025
                                            Path:C:\Users\user\AppData\Roaming\RvUJzKx.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Users\user\AppData\Roaming\RvUJzKx.exe
                                            Imagebase:0x4a0000
                                            File size:797'696 bytes
                                            MD5 hash:10A2684AAE3F75A984DC63506E8ED8DC
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Antivirus matches:
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 37%, ReversingLabs
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:11
                                            Start time:02:40:09
                                            Start date:15/01/2025
                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                            Imagebase:0x7ff717f30000
                                            File size:496'640 bytes
                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                            Has elevated privileges:true
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            General

                                            Target ID:12
                                            Start time:02:40:10
                                            Start date:15/01/2025
                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RvUJzKx" /XML "C:\Users\user\AppData\Local\Temp\tmp2DB8.tmp"
                                            Imagebase:0xf10000
                                            File size:187'904 bytes
                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:13
                                            Start time:02:40:10
                                            Start date:15/01/2025
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff66e660000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:14
                                            Start time:02:40:10
                                            Start date:15/01/2025
                                            Path:C:\Users\user\AppData\Roaming\RvUJzKx.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Roaming\RvUJzKx.exe"
                                            Imagebase:0xa30000
                                            File size:797'696 bytes
                                            MD5 hash:10A2684AAE3F75A984DC63506E8ED8DC
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.4586702521.000000000302B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Has exited:false

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:10.9%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:3.9%
                                              Total number of Nodes:228
                                              Total number of Limit Nodes:13
                                              execution_graph 39309 74134d0 39310 741365b 39309->39310 39311 74134f6 39309->39311 39311->39310 39314 7413750 PostMessageW 39311->39314 39316 7413748 39311->39316 39315 74137bc 39314->39315 39315->39311 39317 7413750 PostMessageW 39316->39317 39318 74137bc 39317->39318 39318->39311 39489 519b7d8 39493 519b8d0 39489->39493 39503 519b8c2 39489->39503 39490 519b7e7 39494 519b8e1 39493->39494 39497 519b904 39493->39497 39513 519b294 39494->39513 39497->39490 39498 519bb08 GetModuleHandleW 39500 519bb35 39498->39500 39499 519b8fc 39499->39497 39499->39498 39500->39490 39504 519b8d0 39503->39504 39505 519b294 GetModuleHandleW 39504->39505 39507 519b904 39504->39507 39506 519b8ec 39505->39506 39506->39507 39511 519bb58 GetModuleHandleW 39506->39511 39512 519bb68 GetModuleHandleW 39506->39512 39507->39490 39508 519bb08 GetModuleHandleW 39510 519bb35 39508->39510 39509 519b8fc 39509->39507 39509->39508 39510->39490 39511->39509 39512->39509 39514 519bac0 GetModuleHandleW 39513->39514 39516 519b8ec 39514->39516 39516->39497 39517 519bb68 39516->39517 39520 519bb58 39516->39520 39518 519bb7c 39517->39518 39519 519b294 GetModuleHandleW 39517->39519 39518->39499 39519->39518 39521 519b294 GetModuleHandleW 39520->39521 39522 519bb7c 39521->39522 39522->39499 39574 5194668 39575 519467a 39574->39575 39576 5194686 39575->39576 39578 5194779 39575->39578 39579 5194782 39578->39579 39581 51947d8 39578->39581 39584 5194888 39579->39584 39588 5194877 39579->39588 39581->39576 39586 51948aa 39584->39586 39585 519498c 39585->39585 39586->39585 39592 519454c 39586->39592 39590 5194887 39588->39590 39589 519498c 39589->39589 39590->39589 39591 519454c CreateActCtxA 39590->39591 39591->39589 39593 5195d18 CreateActCtxA 39592->39593 39595 5195ddb 39593->39595 39595->39595 39319 74100f9 39320 7410103 39319->39320 39321 7410304 39319->39321 39324 7412240 39320->39324 39341 741223a 39320->39341 39325 741225a 39324->39325 39331 741227e 39325->39331 39358 7412ee5 39325->39358 39363 7412b40 39325->39363 39371 7412ae1 39325->39371 39378 741267f 39325->39378 39383 7412a3b 39325->39383 39391 74127b9 39325->39391 39397 7413056 39325->39397 39403 7412d97 39325->39403 39408 74130f4 39325->39408 39412 741282c 39325->39412 39417 741276c 39325->39417 39421 741296a 39325->39421 39426 74126e9 39325->39426 39431 7412646 39325->39431 39331->39321 39342 741225a 39341->39342 39343 7412ae1 3 API calls 39342->39343 39344 7412b40 5 API calls 39342->39344 39345 7412ee5 2 API calls 39342->39345 39346 7412646 2 API calls 39342->39346 39347 74126e9 2 API calls 39342->39347 39348 741227e 39342->39348 39349 741296a 2 API calls 39342->39349 39350 741276c 2 API calls 39342->39350 39351 741282c 2 API calls 39342->39351 39352 74130f4 2 API calls 39342->39352 39353 7412d97 2 API calls 39342->39353 39354 7413056 3 API calls 39342->39354 39355 74127b9 3 API calls 39342->39355 39356 7412a3b 4 API calls 39342->39356 39357 741267f 2 API calls 39342->39357 39343->39348 39344->39348 39345->39348 39346->39348 39347->39348 39348->39321 39349->39348 39350->39348 39351->39348 39352->39348 39353->39348 39354->39348 39355->39348 39356->39348 39357->39348 39359 7413009 39358->39359 39436 706f6a0 39359->39436 39440 706f6a8 39359->39440 39360 741302b 39444 709f648 39363->39444 39448 709f640 39363->39448 39364 7412b5a 39452 709f200 39364->39452 39457 709f160 39364->39457 39461 709f158 39364->39461 39365 741315e 39372 74127b8 39371->39372 39373 7412748 39372->39373 39375 709f158 ResumeThread 39372->39375 39376 709f200 ResumeThread 39372->39376 39377 709f160 ResumeThread 39372->39377 39373->39331 39374 741315e 39375->39374 39376->39374 39377->39374 39379 7412689 39378->39379 39465 706f835 39379->39465 39469 706f840 39379->39469 39384 7412a3f 39383->39384 39385 7412809 39384->39385 39481 709fb58 39384->39481 39485 709fb51 39384->39485 39386 741318a 39385->39386 39473 709fc18 39385->39473 39477 709fc11 39385->39477 39386->39331 39392 74127d3 39391->39392 39394 709f158 ResumeThread 39392->39394 39395 709f200 ResumeThread 39392->39395 39396 709f160 ResumeThread 39392->39396 39393 741315e 39394->39393 39395->39393 39396->39393 39399 7412feb 39397->39399 39398 741315e 39400 709f158 ResumeThread 39399->39400 39401 709f200 ResumeThread 39399->39401 39402 709f160 ResumeThread 39399->39402 39400->39398 39401->39398 39402->39398 39404 7412809 39403->39404 39404->39403 39405 741318a 39404->39405 39406 709fc18 WriteProcessMemory 39404->39406 39407 709fc11 WriteProcessMemory 39404->39407 39405->39331 39406->39404 39407->39404 39409 7413113 39408->39409 39410 709f648 Wow64SetThreadContext 39408->39410 39411 709f640 Wow64SetThreadContext 39408->39411 39410->39409 39411->39409 39413 7412853 39412->39413 39415 709fc18 WriteProcessMemory 39413->39415 39416 709fc11 WriteProcessMemory 39413->39416 39414 7412748 39414->39331 39415->39414 39416->39414 39419 709fc18 WriteProcessMemory 39417->39419 39420 709fc11 WriteProcessMemory 39417->39420 39418 7412793 39418->39331 39419->39418 39420->39418 39422 74130f8 39421->39422 39424 709f648 Wow64SetThreadContext 39422->39424 39425 709f640 Wow64SetThreadContext 39422->39425 39423 7413113 39424->39423 39425->39423 39427 74126ed 39426->39427 39429 706f835 CreateProcessA 39427->39429 39430 706f840 CreateProcessA 39427->39430 39428 7412720 39428->39331 39429->39428 39430->39428 39432 741264d 39431->39432 39434 706f835 CreateProcessA 39432->39434 39435 706f840 CreateProcessA 39432->39435 39433 7412720 39433->39331 39434->39433 39435->39433 39437 706f6a8 ReadProcessMemory 39436->39437 39439 706f737 39437->39439 39439->39360 39441 706f6f3 ReadProcessMemory 39440->39441 39443 706f737 39441->39443 39443->39360 39445 709f68d Wow64SetThreadContext 39444->39445 39447 709f6d5 39445->39447 39447->39364 39449 709f648 Wow64SetThreadContext 39448->39449 39451 709f6d5 39449->39451 39451->39364 39453 709f20a 39452->39453 39454 709f1ae ResumeThread 39452->39454 39453->39365 39456 709f1d1 39454->39456 39456->39365 39458 709f1a0 ResumeThread 39457->39458 39460 709f1c6 39458->39460 39460->39365 39462 709f15e ResumeThread 39461->39462 39464 709f1c6 39461->39464 39462->39464 39464->39365 39466 706f840 CreateProcessA 39465->39466 39468 706fa8b 39466->39468 39470 706f8c9 CreateProcessA 39469->39470 39472 706fa8b 39470->39472 39474 709fc60 WriteProcessMemory 39473->39474 39476 709fcb7 39474->39476 39476->39385 39478 709fc18 WriteProcessMemory 39477->39478 39480 709fcb7 39478->39480 39480->39385 39482 709fb98 VirtualAllocEx 39481->39482 39484 709fbd5 39482->39484 39484->39385 39486 709fb98 VirtualAllocEx 39485->39486 39488 709fbd5 39486->39488 39488->39385 39596 519db60 39597 519dba6 39596->39597 39601 519dd40 39597->39601 39604 519dd2f 39597->39604 39598 519dc93 39608 519d678 39601->39608 39605 519dd40 39604->39605 39606 519d678 DuplicateHandle 39605->39606 39607 519dd6e 39606->39607 39607->39598 39609 519dda8 DuplicateHandle 39608->39609 39610 519dd6e 39609->39610 39610->39598 39523 7062748 39524 706275e 39523->39524 39528 7062ba2 39524->39528 39533 7062bb0 39524->39533 39525 70627d4 39529 7062bb0 39528->39529 39537 7062be0 39529->39537 39542 7062bf0 39529->39542 39530 7062bce 39530->39525 39535 7062be0 DrawTextExW 39533->39535 39536 7062bf0 DrawTextExW 39533->39536 39534 7062bce 39534->39525 39535->39534 39536->39534 39538 7062c21 39537->39538 39539 7062c4e 39538->39539 39547 7062c62 39538->39547 39552 7062c70 39538->39552 39539->39530 39543 7062c21 39542->39543 39544 7062c4e 39543->39544 39545 7062c62 DrawTextExW 39543->39545 39546 7062c70 DrawTextExW 39543->39546 39544->39530 39545->39544 39546->39544 39549 7062c70 39547->39549 39548 7062ca6 39548->39539 39549->39548 39557 7061874 39549->39557 39551 7062d01 39554 7062c91 39552->39554 39553 7062ca6 39553->39539 39554->39553 39555 7061874 DrawTextExW 39554->39555 39556 7062d01 39555->39556 39559 706187f 39557->39559 39558 7063491 39558->39551 39559->39558 39563 7063ad7 39559->39563 39567 7063ae8 39559->39567 39560 70635a3 39560->39551 39564 7063ae8 39563->39564 39570 70630fc 39564->39570 39568 70630fc DrawTextExW 39567->39568 39569 7063b05 39568->39569 39569->39560 39571 7063b20 DrawTextExW 39570->39571 39573 7063b05 39571->39573 39573->39560

                                              Executed Functions

                                              Function 0709F200 Relevance: 1.7, APIs: 1, Instructions: 167threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 229 709f200-709f208 230 709f20a-709f23f 229->230 231 709f1ae-709f1af 229->231 235 709f241 230->235 236 709f246-709f29c 230->236 233 709f1b1-709f1b3 231->233 234 709f1b5-709f1cf ResumeThread 231->234 233->234 243 709f1d8-709f1fd 234->243 244 709f1d1-709f1d7 234->244 235->236 237 709f3af-709f3c0 236->237 238 709f2a2-709f2a4 236->238 240 709f438-709f449 237->240 241 709f3c2-709f3c4 237->241 238->237 242 709f2aa-709f2da 238->242 245 709f628-709f632 240->245 246 709f44f-709f451 240->246 241->240 247 709f3c6-709f3d6 241->247 248 709f2dc 242->248 249 709f2e1-709f2f2 242->249 244->243 246->245 251 709f457-709f487 246->251 252 709f3d8-709f3e5 247->252 253 709f3e7 247->253 248->249 255 709f2f9-709f30f 249->255 256 709f2f4 249->256 259 709f489 251->259 260 709f48e-709f49f 251->260 261 709f3ea-709f425 252->261 253->261 257 709f311 255->257 258 709f316-709f32c 255->258 256->255 257->258 263 709f32e 258->263 264 709f333-709f38e 258->264 259->260 265 709f4a1 260->265 266 709f4a6-709f4bc 260->266 280 709f42c-709f433 261->280 281 709f427 261->281 263->264 289 709f398 264->289 290 709f390-709f396 264->290 265->266 268 709f4be 266->268 269 709f4c3-709f4d9 266->269 268->269 272 709f4db 269->272 273 709f4e0-709f51d 269->273 272->273 274 709f51f 273->274 275 709f524-709f535 273->275 274->275 277 709f53c-709f552 275->277 278 709f537 275->278 282 709f559-709f56f 277->282 283 709f554 277->283 278->277 280->245 281->280 284 709f571 282->284 285 709f576-709f595 282->285 283->282 284->285 287 709f59f 285->287 288 709f597-709f59d 285->288 291 709f5a2-709f610 287->291 288->291 292 709f39b-709f3aa 289->292 290->292 299 709f61a 291->299 300 709f612-709f618 291->300 292->245 301 709f61d-709f625 299->301 300->301 301->245
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 45dde594f65a57d6e5d2dc77fae3e7a1f6e24f11904aae56a30313d7fc85fd72
                                              • Instruction ID: 62802e6bca8e12a23ab37c36d9bb9542611b362063e8571dcf0a75d086d0e046
                                              • Opcode Fuzzy Hash: 45dde594f65a57d6e5d2dc77fae3e7a1f6e24f11904aae56a30313d7fc85fd72
                                              • Instruction Fuzzy Hash: D96172B5D0021A8FDB14CFA9C5406AEFBF2BF89304F24C26AD418A7355C7349942CFA1
                                              Function 07095AB0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ?w=>
                                              • API String ID: 0-1933253675
                                              • Opcode ID: e4e4cfe2b553ad5678d460e279f5b9c59af9772d8ea63d151681eaed4fc286a4
                                              • Instruction ID: c3a0065dded1b5379f0387ec74f72330646b93bf0cd0aeac9ae9d6a0a9e9c9b6
                                              • Opcode Fuzzy Hash: e4e4cfe2b553ad5678d460e279f5b9c59af9772d8ea63d151681eaed4fc286a4
                                              • Instruction Fuzzy Hash: A7B104B1E15219DFDF19CFA6D88059EFBB2BF89300F10962AD425BB264DB349902DF10
                                              Function 07095AC0 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ?w=>
                                              • API String ID: 0-1933253675
                                              • Opcode ID: d58e7ff036f87a7deaa9405547cfd6a977965a0536f692907d1a6a31344aade1
                                              • Instruction ID: f438bb8d481838626057362053db60d17d93c9350dff91c7469df1d6e52b8577
                                              • Opcode Fuzzy Hash: d58e7ff036f87a7deaa9405547cfd6a977965a0536f692907d1a6a31344aade1
                                              • Instruction Fuzzy Hash: 6CB1F1B0E15219DBDF19CFE6D88059EFBB2BF89300F10962AD425BB264DB349902DF14
                                              Function 070935D8 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 5{
                                              • API String ID: 0-2291050889
                                              • Opcode ID: b9deb0ef27c93fb414b97176087346847cd25aaa67a37b2b6672bf5285599616
                                              • Instruction ID: 985668ffac2935fe63afe05aa1faa09f4362bc8e82b3f72938f568a91dc1abf3
                                              • Opcode Fuzzy Hash: b9deb0ef27c93fb414b97176087346847cd25aaa67a37b2b6672bf5285599616
                                              • Instruction Fuzzy Hash: 11B121B4E0120ADFCB08DFA9D5854AEFBF2FF89300F11956AD406AB364DB3599018F91
                                              Function 070935E8 Relevance: 1.5, Strings: 1, Instructions: 246COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 5{
                                              • API String ID: 0-2291050889
                                              • Opcode ID: 06193092111e0a5aa1dc95a1981e246a46a5be94157a0de6fbf91f806313032a
                                              • Instruction ID: 9c84abeaa3c282ccd97c022902c189ac4b32c09ef7d548f7f1a4888a1fd04104
                                              • Opcode Fuzzy Hash: 06193092111e0a5aa1dc95a1981e246a46a5be94157a0de6fbf91f806313032a
                                              • Instruction Fuzzy Hash: A1A132B4E0120ADBCB08DFA9D5854AEFBF2FF89300F11956AD406AB364DB349901CF91
                                              Function 07095201 Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: j4$y
                                              • API String ID: 0-2391584009
                                              • Opcode ID: 0714b982a05bc211a9bb2a3b613a880bece21a8920f236671edb69d925e22e6c
                                              • Instruction ID: 63f1ac286178a2f8d00744e36de2315b156afcf14b1ddb56698bba3e3e3413e3
                                              • Opcode Fuzzy Hash: 0714b982a05bc211a9bb2a3b613a880bece21a8920f236671edb69d925e22e6c
                                              • Instruction Fuzzy Hash: 8F81F6B1E15209EFDF09CFA6D9809DEFBB2FB8A310F10952AE415AB264D7349552DF00
                                              Function 07095210 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: j4$y
                                              • API String ID: 0-2391584009
                                              • Opcode ID: 4eabf80be9b70ada4211b01f1f8f056c9fc94e0c625ace643f1feff11e226797
                                              • Instruction ID: aa3dfe19974b6cb079b01a645f8a36171cf4334da857399a26c6fc6a48b44948
                                              • Opcode Fuzzy Hash: 4eabf80be9b70ada4211b01f1f8f056c9fc94e0c625ace643f1feff11e226797
                                              • Instruction Fuzzy Hash: 4A81F7B1E15209EFDF08CFA6D9809DEFBB6FB8A310F10952AE415AB264D7349552DF00
                                              Function 0706DCD8 Relevance: .3, Instructions: 286COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b9a2eaab22e58021c756c3ddf5dd1806d279be55063bc29ac6c3546cde6e1e5
                                              • Instruction ID: f248705e690fefc50f2fe2bc181596c04d485b73ec545107ee644a9c51d59313
                                              • Opcode Fuzzy Hash: 3b9a2eaab22e58021c756c3ddf5dd1806d279be55063bc29ac6c3546cde6e1e5
                                              • Instruction Fuzzy Hash: 7CA169B9E01219DFCB08DFA9D895ADEBBF2FF88311F20852AE405BB214D7305945CB91
                                              Function 05194204 Relevance: .3, Instructions: 259COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8e3c65d22ab94e5155055f5022945f530128261e873408414ad19162a3f2bdfd
                                              • Instruction ID: 6a020c197b7be80c9c9fa73b6d146b111a197091cd6b609314eb4e45ce9b7158
                                              • Opcode Fuzzy Hash: 8e3c65d22ab94e5155055f5022945f530128261e873408414ad19162a3f2bdfd
                                              • Instruction Fuzzy Hash: A0C1B374E00209CFDB05DFA9D899AAEBBF2FF88300F1481A9D509AB355DB316945CF50
                                              Function 05197088 Relevance: .3, Instructions: 259COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2a44e2b58ef060b1875255da499cb74ae8ade105bbd39ef315f7983d24a0495a
                                              • Instruction ID: e14f8550f16c8aca6918209c0be178a5a160cb8164b54f0a09cf7d0bc1efb977
                                              • Opcode Fuzzy Hash: 2a44e2b58ef060b1875255da499cb74ae8ade105bbd39ef315f7983d24a0495a
                                              • Instruction Fuzzy Hash: C0C1A274E00209CFDB05DFA9D899AAEBBF2FF88300F1480A9D509AB365DB316945CF50
                                              Function 0706DD78 Relevance: .2, Instructions: 189COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 588da03f19427aa49eded5c59420cff6998b45cec0690d5f8b958ab5c7d4b3cd
                                              • Instruction ID: 1dc03f3902ab5bc2c2ad4e5117b433e631336a685e4237ce45556f3823d21962
                                              • Opcode Fuzzy Hash: 588da03f19427aa49eded5c59420cff6998b45cec0690d5f8b958ab5c7d4b3cd
                                              • Instruction Fuzzy Hash: C881D4B4E10219CFDB08DFAAC894AAEFBF2FF89304F14812AD519AB354D7345901CB50
                                              Function 07093A19 Relevance: .2, Instructions: 154COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e0cd8255682fd88c286533bad4a9d6270f81e00aad6b97ed91cfcf15c579fb2c
                                              • Instruction ID: f9f7189ed46a05759223fb6c2244bc6ac79a81e4e964d211004ecbd16a60891c
                                              • Opcode Fuzzy Hash: e0cd8255682fd88c286533bad4a9d6270f81e00aad6b97ed91cfcf15c579fb2c
                                              • Instruction Fuzzy Hash: A35129B4E152099FCF08CFA5D9854AEFBF6FF89300F10952AE426E7264DB349A019F54
                                              Function 07093A28 Relevance: .2, Instructions: 152COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 59bf6b8cc342970fc320581baa6440b165f860087064443cc49ccc43fc3faecc
                                              • Instruction ID: 07ada46b5508ad132253acccb65f409cf50c1691104c9927cf1fa9111f5d7742
                                              • Opcode Fuzzy Hash: 59bf6b8cc342970fc320581baa6440b165f860087064443cc49ccc43fc3faecc
                                              • Instruction Fuzzy Hash: CC5128B4E146099FCF08CFA5D9854AEFBF6FF89300F10952AE426E7264DB349A019F54
                                              Function 07412646 Relevance: .1, Instructions: 92COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2164510896.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7410000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1983bb1bc60a25796bedf3d5786957e9ac989367a4f0a239bc618d3eaa930a53
                                              • Instruction ID: de0758b647cb9b921dc6715f0f0a22ba4732c37075522d48227d125396bc4f8e
                                              • Opcode Fuzzy Hash: 1983bb1bc60a25796bedf3d5786957e9ac989367a4f0a239bc618d3eaa930a53
                                              • Instruction Fuzzy Hash: C34128B4A54229CFCB65EF64C845BEDBBB4BB0A300F1094EAD509E7290DBB05AC5DF40
                                              Function 07090007 Relevance: .1, Instructions: 83COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a2d0b354806fe30fc59c1366b8adb7d04cec8a9615a9e8967490ea54945a8d00
                                              • Instruction ID: 58c650e667418e59960390b417826e27f656aa9265d0a9ba3b9a1ce04d2ce1f0
                                              • Opcode Fuzzy Hash: a2d0b354806fe30fc59c1366b8adb7d04cec8a9615a9e8967490ea54945a8d00
                                              • Instruction Fuzzy Hash: 23315A71D053458FDB49CF66C8502DABFF3AFC6310F18C1A6D404AA265DB780A46CB51
                                              Function 07090040 Relevance: .1, Instructions: 76COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1cc039b5888ae86a830c1fdb5ca6d4aff573d22b527cf595af9961f11b4fec98
                                              • Instruction ID: 66a7d9c45c04e3a106cc144a74e3bdb76a774adfce4050db4e1dab4ad71be711
                                              • Opcode Fuzzy Hash: 1cc039b5888ae86a830c1fdb5ca6d4aff573d22b527cf595af9961f11b4fec98
                                              • Instruction Fuzzy Hash: E33106B1E01618CBDB58CFAAC84469EBBF7AFC9310F14C1A9E409A7354DB355A85CF40
                                              Function 0706D248 Relevance: .1, Instructions: 65COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c219efd4fbd52c2d0954290e8a36b9040748de7ad40770700cd055f1223185a4
                                              • Instruction ID: 48f6a58b7cc92d967a3d5e4a63f0794887848b324b1a77d2d10a89ff40f0f4b3
                                              • Opcode Fuzzy Hash: c219efd4fbd52c2d0954290e8a36b9040748de7ad40770700cd055f1223185a4
                                              • Instruction Fuzzy Hash: 6F21A8B1E106199BEB58CFABD85479EFBF7AFC8200F04C17AD408A6228DB745A458F51
                                              Function 0706F835 Relevance: 1.8, APIs: 1, Instructions: 251processCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 54 706f835-706f8d5 57 706f8d7-706f8e1 54->57 58 706f90e-706f92e 54->58 57->58 59 706f8e3-706f8e5 57->59 65 706f967-706f996 58->65 66 706f930-706f93a 58->66 60 706f8e7-706f8f1 59->60 61 706f908-706f90b 59->61 63 706f8f5-706f904 60->63 64 706f8f3 60->64 61->58 63->63 67 706f906 63->67 64->63 72 706f9cf-706fa89 CreateProcessA 65->72 73 706f998-706f9a2 65->73 66->65 68 706f93c-706f93e 66->68 67->61 70 706f940-706f94a 68->70 71 706f961-706f964 68->71 74 706f94e-706f95d 70->74 75 706f94c 70->75 71->65 86 706fa92-706fb18 72->86 87 706fa8b-706fa91 72->87 73->72 77 706f9a4-706f9a6 73->77 74->74 76 706f95f 74->76 75->74 76->71 78 706f9a8-706f9b2 77->78 79 706f9c9-706f9cc 77->79 81 706f9b6-706f9c5 78->81 82 706f9b4 78->82 79->72 81->81 84 706f9c7 81->84 82->81 84->79 97 706fb1a-706fb1e 86->97 98 706fb28-706fb2c 86->98 87->86 97->98 99 706fb20 97->99 100 706fb2e-706fb32 98->100 101 706fb3c-706fb40 98->101 99->98 100->101 102 706fb34 100->102 103 706fb42-706fb46 101->103 104 706fb50-706fb54 101->104 102->101 103->104 107 706fb48 103->107 105 706fb66-706fb6d 104->105 106 706fb56-706fb5c 104->106 108 706fb84 105->108 109 706fb6f-706fb7e 105->109 106->105 107->104 111 706fb85 108->111 109->108 111->111
                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0706FA76
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0
                                              • Opcode ID: 96f6f76eccc3285b706dcb9ab98337afbc0f4ed1386f59cd4a6a103b9e1f5c53
                                              • Instruction ID: 0725998d16d20fcf99a5dc076c1ceea5bb053287956e2db154f16596f59775dd
                                              • Opcode Fuzzy Hash: 96f6f76eccc3285b706dcb9ab98337afbc0f4ed1386f59cd4a6a103b9e1f5c53
                                              • Instruction Fuzzy Hash: 3FA16BB1D0021ADFEF14DF68D8557DDBBF2AF48314F1486A9E808A7240DB74A985CF91
                                              Function 0706F840 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 112 706f840-706f8d5 114 706f8d7-706f8e1 112->114 115 706f90e-706f92e 112->115 114->115 116 706f8e3-706f8e5 114->116 122 706f967-706f996 115->122 123 706f930-706f93a 115->123 117 706f8e7-706f8f1 116->117 118 706f908-706f90b 116->118 120 706f8f5-706f904 117->120 121 706f8f3 117->121 118->115 120->120 124 706f906 120->124 121->120 129 706f9cf-706fa89 CreateProcessA 122->129 130 706f998-706f9a2 122->130 123->122 125 706f93c-706f93e 123->125 124->118 127 706f940-706f94a 125->127 128 706f961-706f964 125->128 131 706f94e-706f95d 127->131 132 706f94c 127->132 128->122 143 706fa92-706fb18 129->143 144 706fa8b-706fa91 129->144 130->129 134 706f9a4-706f9a6 130->134 131->131 133 706f95f 131->133 132->131 133->128 135 706f9a8-706f9b2 134->135 136 706f9c9-706f9cc 134->136 138 706f9b6-706f9c5 135->138 139 706f9b4 135->139 136->129 138->138 141 706f9c7 138->141 139->138 141->136 154 706fb1a-706fb1e 143->154 155 706fb28-706fb2c 143->155 144->143 154->155 156 706fb20 154->156 157 706fb2e-706fb32 155->157 158 706fb3c-706fb40 155->158 156->155 157->158 159 706fb34 157->159 160 706fb42-706fb46 158->160 161 706fb50-706fb54 158->161 159->158 160->161 164 706fb48 160->164 162 706fb66-706fb6d 161->162 163 706fb56-706fb5c 161->163 165 706fb84 162->165 166 706fb6f-706fb7e 162->166 163->162 164->161 168 706fb85 165->168 166->165 168->168
                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0706FA76
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0
                                              • Opcode ID: 4ed90609632dbfcb2b3dd2385a36c596b5358d19bf71efa215c6247c4ee11c3b
                                              • Instruction ID: 426b1fae91c15252f0a4f65076cc00047be068b146c0071d6953fca43297eab0
                                              • Opcode Fuzzy Hash: 4ed90609632dbfcb2b3dd2385a36c596b5358d19bf71efa215c6247c4ee11c3b
                                              • Instruction Fuzzy Hash: 11914AB1D0021ADFEF14DF68D8557DDBAF2AB48314F1486A9E808A7240DB74A985CF91
                                              Function 0519B8D0 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 169 519b8d0-519b8df 170 519b90b-519b90f 169->170 171 519b8e1-519b8ee call 519b294 169->171 172 519b911-519b91b 170->172 173 519b923-519b964 170->173 178 519b8f0 171->178 179 519b904 171->179 172->173 180 519b971-519b97f 173->180 181 519b966-519b96e 173->181 227 519b8f6 call 519bb58 178->227 228 519b8f6 call 519bb68 178->228 179->170 183 519b981-519b986 180->183 184 519b9a3-519b9a5 180->184 181->180 182 519b8fc-519b8fe 182->179 185 519ba40-519bb00 182->185 187 519b988-519b98f call 519b2a0 183->187 188 519b991 183->188 186 519b9a8-519b9af 184->186 220 519bb08-519bb33 GetModuleHandleW 185->220 221 519bb02-519bb05 185->221 190 519b9bc-519b9c3 186->190 191 519b9b1-519b9b9 186->191 189 519b993-519b9a1 187->189 188->189 189->186 193 519b9d0-519b9d9 call 519b2b0 190->193 194 519b9c5-519b9cd 190->194 191->190 200 519b9db-519b9e3 193->200 201 519b9e6-519b9eb 193->201 194->193 200->201 202 519ba09-519ba0d 201->202 203 519b9ed-519b9f4 201->203 225 519ba10 call 519be68 202->225 226 519ba10 call 519be42 202->226 203->202 205 519b9f6-519ba06 call 519b2c0 call 519b2d0 203->205 205->202 206 519ba13-519ba16 209 519ba39-519ba3f 206->209 210 519ba18-519ba36 206->210 210->209 222 519bb3c-519bb50 220->222 223 519bb35-519bb3b 220->223 221->220 223->222 225->206 226->206 227->182 228->182
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 836d6185abdbfc8fdceed667bd7ea56f7f942ae32831080859536054bf8dad9f
                                              • Instruction ID: 15c9ac5a03642788298ba8f77f85c725b185eb3e92b8197a05046b6609632274
                                              • Opcode Fuzzy Hash: 836d6185abdbfc8fdceed667bd7ea56f7f942ae32831080859536054bf8dad9f
                                              • Instruction Fuzzy Hash: 69715A70A18B058FDB28DF6AE45476ABBF1FF88700F00892DD48AD7A40DB74E805CB91
                                              Function 0519454C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 303 519454c-5195dd9 CreateActCtxA 306 5195ddb-5195de1 303->306 307 5195de2-5195e3c 303->307 306->307 314 5195e4b-5195e4f 307->314 315 5195e3e-5195e41 307->315 316 5195e51-5195e5d 314->316 317 5195e60 314->317 315->314 316->317 319 5195e61 317->319 319->319
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 05195DC9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: d8b59fe97518e84e7dea3fb2011b941b2c2d7452b90f005620aa967134166816
                                              • Instruction ID: 26801e18c787f050806994726ddcd8afd0849803373cea986c41370c35bd977f
                                              • Opcode Fuzzy Hash: d8b59fe97518e84e7dea3fb2011b941b2c2d7452b90f005620aa967134166816
                                              • Instruction Fuzzy Hash: 7E41BFB0C00619CADF29CFA9C94479DBBB6BF48704F60805AD409AB255DBB56945CF90
                                              Function 05195D0D Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 320 5195d0d-5195dd9 CreateActCtxA 322 5195ddb-5195de1 320->322 323 5195de2-5195e3c 320->323 322->323 330 5195e4b-5195e4f 323->330 331 5195e3e-5195e41 323->331 332 5195e51-5195e5d 330->332 333 5195e60 330->333 331->330 332->333 335 5195e61 333->335 335->335
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 05195DC9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 0e20c26d0f37218f93934c30b262be8fb39a8eabd2dda949ced359bf25af6469
                                              • Instruction ID: 59afa83b20d2159f4b3920a966c5e8cc016578222c98252d6d2153be45159a83
                                              • Opcode Fuzzy Hash: 0e20c26d0f37218f93934c30b262be8fb39a8eabd2dda949ced359bf25af6469
                                              • Instruction Fuzzy Hash: 2141FFB0C00619CADF29CFA9C94479DBBB6BF88304F20805AD408AB251DBB56945CF50
                                              Function 0709FC11 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 336 709fc11-709fc66 339 709fc68-709fc74 336->339 340 709fc76-709fcb5 WriteProcessMemory 336->340 339->340 342 709fcbe-709fcee 340->342 343 709fcb7-709fcbd 340->343 343->342
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0709FCA8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: 250352ac2ca1e98cbc3e765200f0b2c7587d87364ce535ef3e8af9c1a4fde003
                                              • Instruction ID: 837649a38ea3bd48c76153d0828cac47d9f25da6ddddc6066309443d36b85743
                                              • Opcode Fuzzy Hash: 250352ac2ca1e98cbc3e765200f0b2c7587d87364ce535ef3e8af9c1a4fde003
                                              • Instruction Fuzzy Hash: 0A214BB590030A9FDF10CFA9C941BDEBBF5FF48310F108429E918A7240D778A950DBA5
                                              Function 070630FC Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 347 70630fc-7063b6c 349 7063b77-7063b86 347->349 350 7063b6e-7063b74 347->350 351 7063b8b-7063bc4 DrawTextExW 349->351 352 7063b88 349->352 350->349 353 7063bc6-7063bcc 351->353 354 7063bcd-7063bea 351->354 352->351 353->354
                                              APIs
                                              • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07063B05,?,?), ref: 07063BB7
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: DrawText
                                              • String ID:
                                              • API String ID: 2175133113-0
                                              • Opcode ID: c11681278f1381178207d5291e3110922f5e3144a20518cfca966f2779342b27
                                              • Instruction ID: ac02c558d65195a32243689eb5eef13228d4794bb98da7bcb0a1cbbbc08cbee9
                                              • Opcode Fuzzy Hash: c11681278f1381178207d5291e3110922f5e3144a20518cfca966f2779342b27
                                              • Instruction Fuzzy Hash: 7431C2B59003099FDB10CF9AD884AEEFBF4FF48320F54852AE919A7210D775A944CFA4
                                              Function 07063B18 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 357 7063b18-7063b6c 358 7063b77-7063b86 357->358 359 7063b6e-7063b74 357->359 360 7063b8b-7063bc4 DrawTextExW 358->360 361 7063b88 358->361 359->358 362 7063bc6-7063bcc 360->362 363 7063bcd-7063bea 360->363 361->360 362->363
                                              APIs
                                              • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07063B05,?,?), ref: 07063BB7
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: DrawText
                                              • String ID:
                                              • API String ID: 2175133113-0
                                              • Opcode ID: fd79dcba55ec74e44396611330bfc334de880d0d465734aee0962594f620ef58
                                              • Instruction ID: b31c83e3d39c552ccc699ebb318240f2535b5ed52d6dff1920c4a86457201152
                                              • Opcode Fuzzy Hash: fd79dcba55ec74e44396611330bfc334de880d0d465734aee0962594f620ef58
                                              • Instruction Fuzzy Hash: B231C3B5D0020A9FDB10CF99D984ADEFBF4FF48324F14842AE519A7210D775A955CFA0
                                              Function 0709FC18 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 366 709fc18-709fc66 368 709fc68-709fc74 366->368 369 709fc76-709fcb5 WriteProcessMemory 366->369 368->369 371 709fcbe-709fcee 369->371 372 709fcb7-709fcbd 369->372 372->371
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0709FCA8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: fb21194508b85b55ac58f2dccca84d1a6bd733a13b7ff2dc5a5b08d0bc4b8850
                                              • Instruction ID: 467f967f10185b4565426b7d832288831c7a3e1310c7e4d3efc4ba7dba97c406
                                              • Opcode Fuzzy Hash: fb21194508b85b55ac58f2dccca84d1a6bd733a13b7ff2dc5a5b08d0bc4b8850
                                              • Instruction Fuzzy Hash: 732146B190030A9FDF10CFA9C981BDEBBF5FF48310F108829E918A7240C778A950DBA4
                                              Function 0706F6A0 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 376 706f6a0-706f735 ReadProcessMemory 380 706f737-706f73d 376->380 381 706f73e-706f76e 376->381 380->381
                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0706F728
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0
                                              • Opcode ID: 257a3167f9cb81d6ca8b9db4192e373cfe4a8a58c3c317f4b583a81fbd9f060a
                                              • Instruction ID: d4ec60358c58b2c8539cfbfbecf0046348a7dfb87ba4a948e2470fc8572340f5
                                              • Opcode Fuzzy Hash: 257a3167f9cb81d6ca8b9db4192e373cfe4a8a58c3c317f4b583a81fbd9f060a
                                              • Instruction Fuzzy Hash: 5D213BB19003599FDF10CFA9D8856DEFBF5FF48320F10842AE518A7240C7759940CBA5
                                              Function 0709F640 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 385 709f640-709f693 388 709f6a3-709f6d3 Wow64SetThreadContext 385->388 389 709f695-709f6a1 385->389 391 709f6dc-709f70c 388->391 392 709f6d5-709f6db 388->392 389->388 392->391
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0709F6C6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: b383d1fce773ee99a7248a36643d6d82cfbed48e57c0ec4fcc65d9d1e130125c
                                              • Instruction ID: 7eef3cd25229845cef61fe6ac254723658c1c4cf7541e8de0e0113848c125581
                                              • Opcode Fuzzy Hash: b383d1fce773ee99a7248a36643d6d82cfbed48e57c0ec4fcc65d9d1e130125c
                                              • Instruction Fuzzy Hash: AB215CB19003099FDB10CFAAC4857EEFBF4AF48324F14842ED559A7241C779A945CBA5
                                              Function 0519D678 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                              Download Yara Rule
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0519DD6E,?,?,?,?,?), ref: 0519DE2F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: ee21267c033047e795cf46b215dbb9c567cd900be42c42a06008d6ba7a1f344c
                                              • Instruction ID: dfa053600e16896e5f5bd99e9d4b336df7b6566d359331cca3d215663da9b172
                                              • Opcode Fuzzy Hash: ee21267c033047e795cf46b215dbb9c567cd900be42c42a06008d6ba7a1f344c
                                              • Instruction Fuzzy Hash: 7B21D4B59002099FDB10CF9AD584AEEBBF4EB48310F14841AE914A7350D378A950CFA5
                                              Function 0519DDA0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                              Download Yara Rule
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0519DD6E,?,?,?,?,?), ref: 0519DE2F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: a808cb62d543c79569361da54421e2bed869e1c037060dd3b8a300dab1af05fe
                                              • Instruction ID: 5ccb291e0ddb44c683fb181856554f95e4d00ceaa895a92c3d8f0ae06f1f575c
                                              • Opcode Fuzzy Hash: a808cb62d543c79569361da54421e2bed869e1c037060dd3b8a300dab1af05fe
                                              • Instruction Fuzzy Hash: 8521E5B59002499FDB10CFAAD584ADEFFF4FB48310F14841AE914A3250D379A950CF65
                                              Function 0706F6A8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                              Download Yara Rule
                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0706F728
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0
                                              • Opcode ID: 666110e48a70706508c4a17315128008439d5a55d86de601f11e199d9025b307
                                              • Instruction ID: 533ec51c494520c1dad02da02479d027b9b4e145eed9aa5c509cbf3f6d1ab488
                                              • Opcode Fuzzy Hash: 666110e48a70706508c4a17315128008439d5a55d86de601f11e199d9025b307
                                              • Instruction Fuzzy Hash: A62128B180034A9FDB10CFAAD885BDEFBF5FF48310F108429E519A7240D779A910CBA5
                                              Function 0709F648 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0709F6C6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: 0da14f6a7fd76994ace91d3a934a0c3dc7443a81943d85e54738cc397c9277a1
                                              • Instruction ID: fe77d1159a1ab5bc03c0fa1c21f49f09708dc89cd8c9389fe955807c62b1bc5b
                                              • Opcode Fuzzy Hash: 0da14f6a7fd76994ace91d3a934a0c3dc7443a81943d85e54738cc397c9277a1
                                              • Instruction Fuzzy Hash: 13212CB1D0030A9FDB10DFAAC4857EEBBF4EF88314F148429D559A7240D778A944CFA5
                                              Function 0709F158 Relevance: 1.6, APIs: 1, Instructions: 56threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 314e6e91d9ee5df5fb9062fa40e174256a905d02eba317273c77921a29befcb4
                                              • Instruction ID: 91428da655a76bb4e7a2a68575c959be9c44a3a6736e16f376286062b8944211
                                              • Opcode Fuzzy Hash: 314e6e91d9ee5df5fb9062fa40e174256a905d02eba317273c77921a29befcb4
                                              • Instruction Fuzzy Hash: 6C1149B190034A8FDB10DFAAD4457DEFFF4AF88224F24846AD559A7240C7796504CB95
                                              Function 0709FB51 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0709FBC6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: 89e2b143b27b2ae55c872d752f3bb25720e18243a087831262700c6d28cad595
                                              • Instruction ID: f1b2550412ab3d5b0907e1bc2ce56d8ff5dfe90d9d0efd468d56e1f9c5be0543
                                              • Opcode Fuzzy Hash: 89e2b143b27b2ae55c872d752f3bb25720e18243a087831262700c6d28cad595
                                              • Instruction Fuzzy Hash: 54115C729002499FDF10DF9AD4457DFBBF5AF48320F108419D555A7250C775A550CF91
                                              Function 0709FB58 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0709FBC6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: 64b007e14b19896c48f6da846683e5d83780827fab9742c2a3a8c2492657c680
                                              • Instruction ID: 7df7ae3f2485a86494d18c2588462666578781330fc051653bab43a10dd2ec50
                                              • Opcode Fuzzy Hash: 64b007e14b19896c48f6da846683e5d83780827fab9742c2a3a8c2492657c680
                                              • Instruction Fuzzy Hash: 2C1126B290024A9FDF10DFAAC845BDFBBF5AF88320F148819E519A7250C775A950CBA5
                                              Function 0519B294 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                              Download Yara Rule
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0519B8EC), ref: 0519BB26
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 2f7173f610ac3287dcf1835948ea526f632fcd44489bdc23f482799de39d8934
                                              • Instruction ID: 7af623eb58d6ac80c107e540aea438143e7ded8bc1949a5f8cce4391028cf79f
                                              • Opcode Fuzzy Hash: 2f7173f610ac3287dcf1835948ea526f632fcd44489bdc23f482799de39d8934
                                              • Instruction Fuzzy Hash: C81104B5C087498FCB24CF9AD444B9EFBF4EF48210F10841AD41AB7240D3B9A545CFA5
                                              Function 0709F160 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 64ec57fa9eb1eeb0fa2461b8c14a6453a16200292af750554e27cfa0ce4af9dd
                                              • Instruction ID: ba1f3f6cea5fc76dd441d8d40bba466735ef0cbfc0090fe03333a16529bb0992
                                              • Opcode Fuzzy Hash: 64ec57fa9eb1eeb0fa2461b8c14a6453a16200292af750554e27cfa0ce4af9dd
                                              • Instruction Fuzzy Hash: D0110AB1900349CFDB10DFAAC44579EFBF5AF88724F24841AD519A7240CB79A944CBA5
                                              Function 07413748 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              • PostMessageW.USER32(?,?,?,?), ref: 074137AD
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2164510896.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7410000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: MessagePost
                                              • String ID:
                                              • API String ID: 410705778-0
                                              • Opcode ID: c7b097a5afdfd9c54a0fb30ec29ec4daa4f1dec0e3a6893c15c88bb9c5d16196
                                              • Instruction ID: 8b5a78bffa6030076674345b16789954f8777a82c74b8d07175a0b7ce3d0708b
                                              • Opcode Fuzzy Hash: c7b097a5afdfd9c54a0fb30ec29ec4daa4f1dec0e3a6893c15c88bb9c5d16196
                                              • Instruction Fuzzy Hash: DD1125B58003499FDB10DF9AD584BDEFFF8EB48720F24840AD558A7200C3B5A544CFA1
                                              Function 07413750 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              • PostMessageW.USER32(?,?,?,?), ref: 074137AD
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2164510896.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7410000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: MessagePost
                                              • String ID:
                                              • API String ID: 410705778-0
                                              • Opcode ID: e14db7ae2cd19c60f35e2ada2020af0e7db00cc636fc8b23eea701af96ef9438
                                              • Instruction ID: 19a840c529797e3b66b0acaba40773f64d937e2e3c95492ea84691e1273a2eef
                                              • Opcode Fuzzy Hash: e14db7ae2cd19c60f35e2ada2020af0e7db00cc636fc8b23eea701af96ef9438
                                              • Instruction Fuzzy Hash: F011D3B58003499FDB10DF9AD985BDEFBF8EB48720F20841AD519A7240C3B9A944CFA5
                                              Function 0130D3D8 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138619994.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_130d000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4996b8aaffcdf0bdfcff06d7c835eb8b3b81d29102592e7f1dc8f2d4c1c11588
                                              • Instruction ID: e58a4299439e9da122d924d04e1139fd8414e0441cbb5af40eb0f2e298ea6fbc
                                              • Opcode Fuzzy Hash: 4996b8aaffcdf0bdfcff06d7c835eb8b3b81d29102592e7f1dc8f2d4c1c11588
                                              • Instruction Fuzzy Hash: ED213A76504204DFDB06DF94D9C0B66BFE5FB84328F20C16DE90A1B296C736E456CBA2
                                              Function 0130D4C4 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138619994.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_130d000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 51341f02d9a5ef541ebd45b762e8e166834c1f266f57049cc533cef4f6dd024d
                                              • Instruction ID: ece64bbdece46e1803ad351235dfa639d3367396b7ffbda4d17a16bed33fe32b
                                              • Opcode Fuzzy Hash: 51341f02d9a5ef541ebd45b762e8e166834c1f266f57049cc533cef4f6dd024d
                                              • Instruction Fuzzy Hash: 5D210372504244EFDB06DF98D9D0B26BFE5FB8831CF20C569ED090B696C336D456CAA1
                                              Function 02ACD01C Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138838291.0000000002ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ACD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2acd000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 72a1b3dcefedf5166bff618661ed6d299393cbd2d43a7ada726074274b494ee6
                                              • Instruction ID: a51241061cc9293be55143313fa43cacc50bbfff3fe361547c0c55e1871e4264
                                              • Opcode Fuzzy Hash: 72a1b3dcefedf5166bff618661ed6d299393cbd2d43a7ada726074274b494ee6
                                              • Instruction Fuzzy Hash: 7221FF75604A00EFDB14DF18D9C0B26BBA1FB84324F30C57DD90A0B256CB7AD806CA61
                                              Function 02ACD1D4 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138838291.0000000002ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ACD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2acd000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0156e2b26aa66b378020be765d53dad8c36b06539dc3cfb2a8cf80f1c1813d0b
                                              • Instruction ID: 6ada6fa4271f26b5ea296334d5d727611e7c2957587585ed245b6a6be34d3021
                                              • Opcode Fuzzy Hash: 0156e2b26aa66b378020be765d53dad8c36b06539dc3cfb2a8cf80f1c1813d0b
                                              • Instruction Fuzzy Hash: 1E2104B5504604EFDB05DF14D9C0B26FBA5FB88314F30C57DE90A4B25ACB76D446CA61
                                              Function 02ACD006 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138838291.0000000002ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ACD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2acd000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04f65953b37ebbf3131dcdeec66d4e00a5c4390bad8a8c06df9ba73f50c9f270
                                              • Instruction ID: 90e931afdf4283d0378a14e367e10efd4e0e8f7881071fd888a638064c6409cf
                                              • Opcode Fuzzy Hash: 04f65953b37ebbf3131dcdeec66d4e00a5c4390bad8a8c06df9ba73f50c9f270
                                              • Instruction Fuzzy Hash: 83214F755097809FCB12CF24D5D4715BF71EB46214F28C5EAD8498B6A7C33A940ACB62
                                              Function 0130D4BF Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138619994.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_130d000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction ID: e1fb4bd84ba45b8ab33a5fcfed0f29ea18d0e68a160812f16448bed1ade22cd7
                                              • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction Fuzzy Hash: C711AF76504284CFCB16CF54D5C4B16BFB1FB88318F24C6A9DC490B696C33AD45ACBA1
                                              Function 0130D3D3 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138619994.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_130d000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction ID: 835034a9d04b4a6a6f02cb6ba364facfec9c56f4b26be9fab16e5b899c677546
                                              • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction Fuzzy Hash: 771126B6404280CFCB02CF84D5C0B56BFB1FB84328F24C2A9D8090B257C33AE456CBA1
                                              Function 02ACD1CF Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138838291.0000000002ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ACD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2acd000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction ID: 16e97ac38d27d1ab82f132eb90176cb54d17ecdce86a1384972668eeb0b34016
                                              • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction Fuzzy Hash: AA119DB6504684DFCB15CF10D9C4B15FBB1FB84318F24C6AED8494B6AAC33AD44ACB61
                                              Function 0130D731 Relevance: .0, Instructions: 45COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138619994.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_130d000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 515a2e9bcebb7f742d40f10c0e9cb22d04f37d38b4bc5434ad282b4385f0082f
                                              • Instruction ID: 5cd2b8ed8f788ef3ff4151cdbd95da2df9f81bddd3ddca2c7f2235f6b607ef47
                                              • Opcode Fuzzy Hash: 515a2e9bcebb7f742d40f10c0e9cb22d04f37d38b4bc5434ad282b4385f0082f
                                              • Instruction Fuzzy Hash: 3001F7714043889AF7124EE9CDC0766FFDCDF80B28F18C41AEE094A1D2C6B89840C6B1
                                              Function 0130D730 Relevance: .0, Instructions: 36COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2138619994.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_130d000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 070d173c3cf8c53edb2d1175d6c5bba6f438a97f253904f321db91c732203270
                                              • Instruction ID: 98a34480078f47347ecd05aac5d0084bdc5fbc1d659247a5c1471352e44b66b5
                                              • Opcode Fuzzy Hash: 070d173c3cf8c53edb2d1175d6c5bba6f438a97f253904f321db91c732203270
                                              • Instruction Fuzzy Hash: 25F062724053849EE7118E59D9C4B66FFD8EB81738F18C55AED095E282C2799844CAB1

                                              Non-executed Functions

                                              Function 07094A50 Relevance: 6.5, Strings: 5, Instructions: 282COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: H4ux$H4ux$H4ux$nay$nay
                                              • API String ID: 0-1200253175
                                              • Opcode ID: e473afd2f76eb5c7649dbb95e861e9294e752026c6bd7f04d9e825e590b321cc
                                              • Instruction ID: cd3ce0a1cccf17dac648335baa3db0e582753794e827b38d7b44dd491542c468
                                              • Opcode Fuzzy Hash: e473afd2f76eb5c7649dbb95e861e9294e752026c6bd7f04d9e825e590b321cc
                                              • Instruction Fuzzy Hash: 80C158B4E15259CFDB54CFA9D980AAEFBB2FF89300F148269E418AB355D7309942CF50
                                              Function 07091D18 Relevance: 5.2, Strings: 4, Instructions: 174COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %O@8$%O@8$tQ=)$tQ=)
                                              • API String ID: 0-749352435
                                              • Opcode ID: e35334a0d307f6effe705b7e53795667675227961e6abbfaed174424ba8d583b
                                              • Instruction ID: 39438d5f2be56a76e6ceb039e42723b216124505f476b29d0c3cb661c611dd28
                                              • Opcode Fuzzy Hash: e35334a0d307f6effe705b7e53795667675227961e6abbfaed174424ba8d583b
                                              • Instruction Fuzzy Hash: CC71D1B4E1120A9FCB44CF99D58499EFBF1FF89350F14866AE425AB360D730AA41CF50
                                              Function 070928C8 Relevance: 5.2, Strings: 4, Instructions: 162COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 18'$18'$aY$aY
                                              • API String ID: 0-3687307736
                                              • Opcode ID: 891db1d5bb75d312b57071d21ea8f0735429b3c8f9025cb2cf6de3e768a7220c
                                              • Instruction ID: b433ad00fe79012e5585e012c755c9e2ace3f3e3189f0bc1a157da0e4c637079
                                              • Opcode Fuzzy Hash: 891db1d5bb75d312b57071d21ea8f0735429b3c8f9025cb2cf6de3e768a7220c
                                              • Instruction Fuzzy Hash: 3B71F2B4E1420ADFCF04CF99C5809AEFBB1BF49210F14862AD425AB315D334AA82CF95
                                              Function 07094A41 Relevance: 4.0, Strings: 3, Instructions: 276COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: H4ux$H4ux$H4ux
                                              • API String ID: 0-2732375326
                                              • Opcode ID: 1f162e65223ca29c374e6a24fba3ca0e08e13dd79279ca27908bbacd7b8df0fe
                                              • Instruction ID: 75cd40e4dda1a0eeb3495971a60e64a281f90fac600a9520e8164821e43360bc
                                              • Opcode Fuzzy Hash: 1f162e65223ca29c374e6a24fba3ca0e08e13dd79279ca27908bbacd7b8df0fe
                                              • Instruction Fuzzy Hash: 0EC16CB4E11259CFDF54CFA9D980AAEBBF2BF89300F14926AE418A7355D7309942CF50
                                              Function 070933EA Relevance: 4.0, Strings: 3, Instructions: 246COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,uRR$6yu[$6yu[
                                              • API String ID: 0-86511755
                                              • Opcode ID: 17973394823f657e0da052673ad684c3ef0e6221cfeae83edf424be750af8d8f
                                              • Instruction ID: 4659577f501075362e78fd332967970c800020876a489af8bbdf77b1bb802b19
                                              • Opcode Fuzzy Hash: 17973394823f657e0da052673ad684c3ef0e6221cfeae83edf424be750af8d8f
                                              • Instruction Fuzzy Hash: 87B104B4E1520ADFCF04CFA9C5815DEFBF2FB89210F24956AD425B7254D7309A428F64
                                              Function 07091D08 Relevance: 3.9, Strings: 3, Instructions: 178COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %O@8$tQ=)$tQ=)
                                              • API String ID: 0-2920369752
                                              • Opcode ID: 0405be72aac4327ade1b09f40fe6d6eac2df155bb6cbcd69bbc106a1ae3ee657
                                              • Instruction ID: 41fbbf44e339a2294d5541283ef674c0103cf4da7e26509f4ac181c6b6094506
                                              • Opcode Fuzzy Hash: 0405be72aac4327ade1b09f40fe6d6eac2df155bb6cbcd69bbc106a1ae3ee657
                                              • Instruction Fuzzy Hash: C07101B5E1120A9FCB44CFA9D58499EFBF1FF89250F148666E425EB360D730AA41CF50
                                              Function 070933F0 Relevance: 3.9, Strings: 3, Instructions: 114COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,uRR$6yu[$6yu[
                                              • API String ID: 0-86511755
                                              • Opcode ID: 8ab2474ef9ac0b89f59c294294a48250a80c18a2f807301d3d137eb7d51e36c7
                                              • Instruction ID: b40c3cc9c4e1ac9379ef247c870000a8c54fa53b84afa9da3a1ad4a3ebba9b22
                                              • Opcode Fuzzy Hash: 8ab2474ef9ac0b89f59c294294a48250a80c18a2f807301d3d137eb7d51e36c7
                                              • Instruction Fuzzy Hash: 8D4106B0E1520ADBCF08CFA9C9815AEFBF2FF89300F60D169C514A7254D7749A428F94
                                              Function 07096099 Relevance: 2.8, Strings: 2, Instructions: 295COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 9u"K$Zjsq
                                              • API String ID: 0-1261923490
                                              • Opcode ID: 13e751619c79d8f37816155764afb307a0a19b2e16589d1a82d4dadc79e0e8ed
                                              • Instruction ID: 22bb1d18f16055f1804b4d6f5fdfcdd212c683bf0b75768c9040b7471dd4d8a7
                                              • Opcode Fuzzy Hash: 13e751619c79d8f37816155764afb307a0a19b2e16589d1a82d4dadc79e0e8ed
                                              • Instruction Fuzzy Hash: 8DC1C3B0E15219DFCB18CFAAD58059EFBF2BB89300F14D62AE419AB365D7349942CF50
                                              Function 070960A8 Relevance: 2.8, Strings: 2, Instructions: 295COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 9u"K$Zjsq
                                              • API String ID: 0-1261923490
                                              • Opcode ID: d6c5331da309d4b335934daebdd5b3f83f33a46a93ad8c7e4e7e45167982395f
                                              • Instruction ID: 52700b4bac892e991d2f2fc5d9a8153c54ef11e0219e33e88ed1004647f2ef03
                                              • Opcode Fuzzy Hash: d6c5331da309d4b335934daebdd5b3f83f33a46a93ad8c7e4e7e45167982395f
                                              • Instruction Fuzzy Hash: 2AC1C4B0E15219DBCB18CFAAD58059EFBF2BF89300F14D62AE419AB365D7349942CF50
                                              Function 07094138 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \~$$or
                                              • API String ID: 0-2796768027
                                              • Opcode ID: 9792a407f34617e572a4eb15dcbde66e9e985a0d6bee48c3cc88cf6a07578d0d
                                              • Instruction ID: 538d3406f236b991ceac42aa8866e6c32e37404b38fe7d607ee9b641665fca07
                                              • Opcode Fuzzy Hash: 9792a407f34617e572a4eb15dcbde66e9e985a0d6bee48c3cc88cf6a07578d0d
                                              • Instruction Fuzzy Hash: CF6126B4E15319CFCF08CFA5D5415AEFBF2AF89300F20952AE425AB394D7389A428F50
                                              Function 07094148 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \~$$or
                                              • API String ID: 0-2796768027
                                              • Opcode ID: f24213f6a18e656d9e0a6d819e65ffd51913c0a2d9dacc003f083b4f67b0dcbd
                                              • Instruction ID: 7e3fe12718bbfe20352554bf051870b34a61599afea4c086a28322c4da59ad48
                                              • Opcode Fuzzy Hash: f24213f6a18e656d9e0a6d819e65ffd51913c0a2d9dacc003f083b4f67b0dcbd
                                              • Instruction Fuzzy Hash: 896127B4E15319DBCF08CFA6D5815AEFBF6BF89340F20952AE425A7354D7349A028F50
                                              Function 070928C7 Relevance: 2.6, Strings: 2, Instructions: 150COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 18'$aY
                                              • API String ID: 0-535677718
                                              • Opcode ID: ac0cdad050725e14cb100cc7af6869002202eca4c3044975430b68f3d4ba4600
                                              • Instruction ID: dbf61e8d5f66a64e8319a842870488d64cd64f077a21a7eb703250007643dd9f
                                              • Opcode Fuzzy Hash: ac0cdad050725e14cb100cc7af6869002202eca4c3044975430b68f3d4ba4600
                                              • Instruction Fuzzy Hash: 2C61E2B4E1520ADFCF04CFA9C5819AEFBF2BF49210F14862AD415A7315D334AA82DF95
                                              Function 0706ED30 Relevance: 1.4, Strings: 1, Instructions: 171COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ]]o
                                              • API String ID: 0-2636374853
                                              • Opcode ID: a1f56260f70814956c5bfccb87eb028b5df73b965cc1c3991106a6230d55ee0b
                                              • Instruction ID: 1f305d63426185228186d6a351179a39f253d873d4c69316aceaded23d4419e6
                                              • Opcode Fuzzy Hash: a1f56260f70814956c5bfccb87eb028b5df73b965cc1c3991106a6230d55ee0b
                                              • Instruction Fuzzy Hash: 887115B8E1520ADFCB04CF99D4949AEFBB2FF89310F14852AE915A7324D7349A41CF94
                                              Function 0706ED20 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ]]o
                                              • API String ID: 0-2636374853
                                              • Opcode ID: ad98808d29c31d4d9075ac95e8b51f2ac64c663ef83493ddee5953c7ab8cf1ce
                                              • Instruction ID: c34365268d61303413048ca01b6ec24ebc4e6f90ca07482d76c9fb5bd72fe0f8
                                              • Opcode Fuzzy Hash: ad98808d29c31d4d9075ac95e8b51f2ac64c663ef83493ddee5953c7ab8cf1ce
                                              • Instruction Fuzzy Hash: E06128B8E1020ADFCB04CF99C495AAEFBF2FF99310F148526D915A7354D3349A418F94
                                              Function 07093C60 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: i#)6
                                              • API String ID: 0-3600651614
                                              • Opcode ID: d47f1ee23f5bef2deed4a659276ae7e7c9228ae9fcc9454df3f95ddf2cd8865b
                                              • Instruction ID: 52249a1e499cd77c145263d5f760ad50529c4fc549752ccbb284de555b00c9db
                                              • Opcode Fuzzy Hash: d47f1ee23f5bef2deed4a659276ae7e7c9228ae9fcc9454df3f95ddf2cd8865b
                                              • Instruction Fuzzy Hash: DC4147B0E1660A9BCB48CFA6D5426AEFBF2AF89200F20952AC015A7254D3349B45CF95
                                              Function 07093C70 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: i#)6
                                              • API String ID: 0-3600651614
                                              • Opcode ID: 701f98fa978966189a7ecad8d4fa5fb9e8c41d3edd7eeabda5eab16dd8b426a9
                                              • Instruction ID: f6bffc59a293b60fd886e92c5c9d3e4a268c42f2306398f6cf81c45d1fcc23f8
                                              • Opcode Fuzzy Hash: 701f98fa978966189a7ecad8d4fa5fb9e8c41d3edd7eeabda5eab16dd8b426a9
                                              • Instruction Fuzzy Hash: 014127B0E1660ADBCB08CFA6D5426AEFBF2EF89300F20952AC015A7254D3349B45CF95
                                              Function 074151B0 Relevance: .4, Instructions: 363COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2164510896.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7410000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 12c7c14c079c9b00acd67a326143a60de3b2c2104e21bf9774f0b856a39bd17f
                                              • Instruction ID: abc680265273c46085324788c4a147f7fd130f745413807923b33ac1375c19cb
                                              • Opcode Fuzzy Hash: 12c7c14c079c9b00acd67a326143a60de3b2c2104e21bf9774f0b856a39bd17f
                                              • Instruction Fuzzy Hash: 76D187B1B006058FDB19EB7AC564BAFB7F6AFC9200F14846ED14A9B391DB34E901CB51
                                              Function 0709D0E0 Relevance: .3, Instructions: 320COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9376651892232c27fce6e575d6a28f74f1b6ac50b30d2fce19a3c58d182dae73
                                              • Instruction ID: 4c426de2ad633f8563c4d4cd9c61db47607b998d34cafcf83a8b7bb5341caa01
                                              • Opcode Fuzzy Hash: 9376651892232c27fce6e575d6a28f74f1b6ac50b30d2fce19a3c58d182dae73
                                              • Instruction Fuzzy Hash: A4E12BB4E042599FDB14DFA8C580AAEFBF2FF89304F248269D414AB355D730A942CF60
                                              Function 0709F720 Relevance: .3, Instructions: 312COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1da56d631d47cdfc3ace895a6b792a4164449e17ef2680aaff014cb1d142f91c
                                              • Instruction ID: fa181a87d246155e0f6fbbb11af3c04907125e35195a973d1b5785e188f9be46
                                              • Opcode Fuzzy Hash: 1da56d631d47cdfc3ace895a6b792a4164449e17ef2680aaff014cb1d142f91c
                                              • Instruction Fuzzy Hash: 97E11CB4E1025A8FDB14DFA9C590AAEFBF2FF89304F248269D414A7355D730A942CF60
                                              Function 0709D530 Relevance: .3, Instructions: 312COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8398c21297f4159eb32e21f54e1bbd2cf9675142706723eaac00792bdec4547f
                                              • Instruction ID: 1a30319f08324549a5bb30f98e83db1c2ab34b4cd76ac063850d2011473215a0
                                              • Opcode Fuzzy Hash: 8398c21297f4159eb32e21f54e1bbd2cf9675142706723eaac00792bdec4547f
                                              • Instruction Fuzzy Hash: 14E10CB4E102598FDB14DFA9C590AAEFBF2FF89304F248269D414A7359D730A942DF60
                                              Function 0709F210 Relevance: .3, Instructions: 312COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eca19d078d8992a49a97680902c6a1ebb6dfe707846e0016bee177dd110da323
                                              • Instruction ID: c2d6cb731b97e9ae603132b0dd63e531247b4b9c5333865c35e888d7493bedb3
                                              • Opcode Fuzzy Hash: eca19d078d8992a49a97680902c6a1ebb6dfe707846e0016bee177dd110da323
                                              • Instruction Fuzzy Hash: 27E1FAB4E1025A9FDB14DFA9C580AAEFBF2BF89304F24C269D414A7355D770A942CF60
                                              Function 0709D968 Relevance: .3, Instructions: 312COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a03c8d7ea56fee1584e6e850c0a55033f88877e0570ed75c5c50b896e36c3993
                                              • Instruction ID: 5cce042c4d8c88485177c5009605a2afdb4f534fc85195a84386f73e53c89242
                                              • Opcode Fuzzy Hash: a03c8d7ea56fee1584e6e850c0a55033f88877e0570ed75c5c50b896e36c3993
                                              • Instruction Fuzzy Hash: 81E11CB4E002599FDB14DFA9C580AAEFBF2FF89304F248269D414A7355D770A942DFA0
                                              Function 0519E704 Relevance: .3, Instructions: 264COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2146251487.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5190000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9ef71bbd709e9c4d887cf2f7071f1c99032d49e5dd5f6fbb882535e1602b5a4d
                                              • Instruction ID: b1ff2a7151bfed38d8f4c04c8ecdde918c4d9153a2f743713449e274726dca57
                                              • Opcode Fuzzy Hash: 9ef71bbd709e9c4d887cf2f7071f1c99032d49e5dd5f6fbb882535e1602b5a4d
                                              • Instruction Fuzzy Hash: 9FA19136F00219DFCF19DFB4D4845AEBBB6FF85300B15456AE806AB261DB31E956CB80
                                              Function 070600B9 Relevance: .2, Instructions: 213COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 71c2e18014911414d0eac69c43606fc977ef124724b5e50d4421b0be5587c4c2
                                              • Instruction ID: fec0be2b6cfacca21dd428502c819df0a1b2c48e81608477b69a0ec9eace7438
                                              • Opcode Fuzzy Hash: 71c2e18014911414d0eac69c43606fc977ef124724b5e50d4421b0be5587c4c2
                                              • Instruction Fuzzy Hash: 829153B3C44A28CFD7089657CD6AA8277D9DB76324B467346C2285B2F2F6A82141DE81
                                              Function 07093168 Relevance: .2, Instructions: 169COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c8a15d018e5d1f8e31753e616e85005f6bfb8505a29b4f68842aee0863bf91b5
                                              • Instruction ID: 47b12531e23fe33f0662da721140d0b4f3aa1afb7839e25646b91529d82eda05
                                              • Opcode Fuzzy Hash: c8a15d018e5d1f8e31753e616e85005f6bfb8505a29b4f68842aee0863bf91b5
                                              • Instruction Fuzzy Hash: 3661F2B4E15209CFCF08CFA9C5805DEFBF2BF8A210F24952AD425B7364D6349A428F64
                                              Function 07093178 Relevance: .2, Instructions: 167COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 58743a08972201eca87901b98b497be0add386002ed2a1688b49c52254f03c50
                                              • Instruction ID: d1342a3295a7bc923cc18d5cecd1559b8e027c5177c58887fc76bd407fc8a6ed
                                              • Opcode Fuzzy Hash: 58743a08972201eca87901b98b497be0add386002ed2a1688b49c52254f03c50
                                              • Instruction Fuzzy Hash: AB71B1B4E15209DFCF08CFA9C5815DEFBF2AB8A210F24952AD425B7364D7349A428F64
                                              Function 0709F710 Relevance: .1, Instructions: 139COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 816a52b277e2a465c40899c96ed6498dd73c5c26d0e09b1b8b7be257c49b0344
                                              • Instruction ID: e5115aae7b982da2a26c894bf96992849a875cede766a8f3e9b4b9d473322312
                                              • Opcode Fuzzy Hash: 816a52b277e2a465c40899c96ed6498dd73c5c26d0e09b1b8b7be257c49b0344
                                              • Instruction Fuzzy Hash: D7510EB1E1025A8FDB54CFA9C9845AEFBF2FF89304F248269D418A7355D730A942CF61
                                              Function 07094580 Relevance: .1, Instructions: 136COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ee4afae0191085e433ddd518a7702e33b8c280a0688f29dc26b69492ae898df9
                                              • Instruction ID: 26bde87253c95cfd7f0862f5b8639841806e8da8cbcc6e307a02e05f00aeca5e
                                              • Opcode Fuzzy Hash: ee4afae0191085e433ddd518a7702e33b8c280a0688f29dc26b69492ae898df9
                                              • Instruction Fuzzy Hash: F85113B5D1425AABCF08CFE6D4405EFBBF2AB8A240F14952AD425B7214E33896428F65
                                              Function 07094590 Relevance: .1, Instructions: 135COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dee92718ad2d47f63160c329027e39f191ad6709ed17fb34dd89c29984e753fb
                                              • Instruction ID: 7e9148af6951f84c64ccc38676fd5d2c48e4b7df5a06e3f951240bca1a328ab1
                                              • Opcode Fuzzy Hash: dee92718ad2d47f63160c329027e39f191ad6709ed17fb34dd89c29984e753fb
                                              • Instruction Fuzzy Hash: 015107B4D15659EFCF04CFE6D4401EFFBF2EB8A240F10952AD425B6214E33896428F65
                                              Function 0706E8D8 Relevance: .1, Instructions: 123COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca49363265d6b1e99a87ec85fbacb8981393e9f35df13aa3cc383e2979b5b532
                                              • Instruction ID: 41157252c9060f7ebea10a22159c024130cea271b26321f5634d340780f5afcc
                                              • Opcode Fuzzy Hash: ca49363265d6b1e99a87ec85fbacb8981393e9f35df13aa3cc383e2979b5b532
                                              • Instruction Fuzzy Hash: CD4108B4E142198FDB08CFAAD8546AEFBF2FF89300F14D16AD415A7250DB349941CF65
                                              Function 0706E8E8 Relevance: .1, Instructions: 121COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5542c7b2de2f548785a3abd14a188ec9f951cd53b90d100165b317fc2278827b
                                              • Instruction ID: 0eb4490455b2e10d2c0209772310a7e394914c07b745bb06668ae644dd525f83
                                              • Opcode Fuzzy Hash: 5542c7b2de2f548785a3abd14a188ec9f951cd53b90d100165b317fc2278827b
                                              • Instruction Fuzzy Hash: 704135B4E042198FDB08CFAAD5546AEFBF2BF88300F14D22AD419B7250EB349941CF65
                                              Function 07092F48 Relevance: .1, Instructions: 110COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63f61428e9b9801f5efbd508380193827eb2675f4823c283565b2709588669a9
                                              • Instruction ID: 7cc4b60f7a292bba6d7cdcd74b2e19aa1a2509c56e89e7dd7c4568891112b687
                                              • Opcode Fuzzy Hash: 63f61428e9b9801f5efbd508380193827eb2675f4823c283565b2709588669a9
                                              • Instruction Fuzzy Hash: 594118B0E1520A9FCF48CFAAC4519AEFBF2BF89300F24C16AD415E7254E7349A418F94
                                              Function 07092F58 Relevance: .1, Instructions: 107COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163717011.0000000007090000.00000040.00000800.00020000.00000000.sdmp, Offset: 07090000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7090000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a613afd23e21b8f280193c5fbf179aab944c0e35dd36f991c8849c8651bf590a
                                              • Instruction ID: 3b7da1062be0d3020ffeb29391541c9735b3d8554d4ea6ae9899b2652c18d775
                                              • Opcode Fuzzy Hash: a613afd23e21b8f280193c5fbf179aab944c0e35dd36f991c8849c8651bf590a
                                              • Instruction Fuzzy Hash: A641F8B0E1560A9FCF44CFAAC5915AEFBF2BF89300F24C16AC415E7254E7349A418F95
                                              Function 0706D238 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163200106.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_7060000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3f61f6d9281235936959380e5da96ab6a51f4ee974b243db0a5ca2e3f88bd068
                                              • Instruction ID: e8f29fbcc27c3e2b9d1b5dc44a239569f85c9dd4055c8f60d95111cc86f43ada
                                              • Opcode Fuzzy Hash: 3f61f6d9281235936959380e5da96ab6a51f4ee974b243db0a5ca2e3f88bd068
                                              • Instruction Fuzzy Hash: F911FEB1E006199BEB5CCF6BC85479EFAF3AFC8300F08C17AD818A6258EB3445468F55

                                              Execution Graph

                                              Execution Coverage:11.2%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:17
                                              Total number of Limit Nodes:5
                                              execution_graph 23710 152099b 23711 152091b 23710->23711 23712 152084e 23710->23712 23712->23711 23714 1521382 23712->23714 23716 152138b 23714->23716 23715 1521484 23715->23712 23716->23715 23718 1527eb8 23716->23718 23719 1527ec2 23718->23719 23720 1527edc 23719->23720 23723 6defa48 23719->23723 23727 6defa39 23719->23727 23720->23716 23725 6defa5d 23723->23725 23724 6defc72 23724->23720 23725->23724 23726 6defc89 GlobalMemoryStatusEx GlobalMemoryStatusEx 23725->23726 23726->23725 23728 6defa5d 23727->23728 23729 6defc72 23728->23729 23730 6defc89 GlobalMemoryStatusEx GlobalMemoryStatusEx 23728->23730 23729->23720 23730->23728

                                              Executed Functions

                                              Function 06DE55C0 Relevance: 1.8, Strings: 1, Instructions: 600COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 645 6de55c0-6de55dd 646 6de55df-6de55e2 645->646 647 6de55e4-6de55ea 646->647 648 6de55f5-6de55f8 646->648 651 6de56d9-6de56dc 647->651 652 6de55f0 647->652 649 6de55ff-6de5602 648->649 650 6de55fa-6de55fc 648->650 653 6de5604-6de5608 649->653 654 6de5613-6de5616 649->654 650->649 655 6de56e1-6de56e4 651->655 652->648 656 6de560e 653->656 657 6de577d-6de578a 653->657 660 6de5618-6de5622 654->660 661 6de5630-6de5633 654->661 658 6de56aa-6de56b0 655->658 659 6de56e6-6de56e9 655->659 656->654 666 6de572a-6de5730 658->666 667 6de56b2 658->667 662 6de56fc-6de56ff 659->662 663 6de56eb-6de56f1 659->663 671 6de5629-6de562b 660->671 664 6de564c-6de564f 661->664 665 6de5635-6de5647 661->665 669 6de5725-6de5728 662->669 670 6de5701-6de5720 662->670 663->660 668 6de56f7 663->668 673 6de565d-6de5660 664->673 674 6de5651-6de5658 664->674 665->664 675 6de578b-6de57bb 666->675 676 6de5732-6de573a 666->676 672 6de56b7-6de56ba 667->672 668->662 669->666 680 6de5754-6de5757 669->680 670->669 671->661 678 6de56bc-6de56bd 672->678 679 6de56c2-6de56c5 672->679 681 6de5676-6de5679 673->681 682 6de5662-6de5671 673->682 674->673 701 6de57c5-6de57c8 675->701 676->675 683 6de573c-6de5749 676->683 678->679 679->663 691 6de56c7-6de56ca 679->691 685 6de576b-6de576d 680->685 686 6de5759-6de5766 680->686 687 6de567b-6de5684 681->687 688 6de5685-6de5688 681->688 682->681 683->675 684 6de574b-6de574f 683->684 684->680 695 6de576f 685->695 696 6de5774-6de5777 685->696 686->685 693 6de568a-6de56a0 688->693 694 6de56a5-6de56a8 688->694 697 6de56cc-6de56cf 691->697 698 6de56d4-6de56d7 691->698 693->694 694->658 694->672 695->696 696->646 696->657 697->698 698->651 698->655 703 6de57ea-6de57ed 701->703 704 6de57ca-6de57ce 701->704 705 6de580f-6de5812 703->705 706 6de57ef-6de57f3 703->706 707 6de57d4-6de57dc 704->707 708 6de58b2-6de58ec 704->708 711 6de582a-6de582d 705->711 712 6de5814-6de5825 705->712 706->708 710 6de57f9-6de5801 706->710 707->708 709 6de57e2-6de57e5 707->709 725 6de58ee-6de58f1 708->725 709->703 710->708 714 6de5807-6de580a 710->714 715 6de583e-6de5841 711->715 716 6de582f-6de5839 711->716 712->711 714->705 718 6de584b-6de584e 715->718 719 6de5843-6de584a 715->719 716->715 720 6de5868-6de586b 718->720 721 6de5850-6de5854 718->721 726 6de586d-6de5871 720->726 727 6de5885-6de5888 720->727 721->708 724 6de5856-6de585e 721->724 724->708 728 6de5860-6de5863 724->728 729 6de5964-6de5af8 725->729 730 6de58f3-6de58f6 725->730 726->708 731 6de5873-6de587b 726->731 732 6de588a-6de5891 727->732 733 6de5898-6de589a 727->733 728->720 795 6de5afe-6de5b05 729->795 796 6de5c31-6de5c44 729->796 734 6de58f8-6de5909 730->734 735 6de5914-6de5917 730->735 731->708 736 6de587d-6de5880 731->736 737 6de58aa-6de58b1 732->737 738 6de5893 732->738 739 6de589c 733->739 740 6de58a1-6de58a4 733->740 748 6de590f 734->748 749 6de5ca6-6de5cb7 734->749 742 6de5919-6de592a 735->742 743 6de5935-6de5938 735->743 736->727 738->733 739->740 740->701 740->737 754 6de5c4c-6de5c5f 742->754 755 6de5930 742->755 745 6de593a-6de594b 743->745 746 6de5956-6de5959 743->746 757 6de5c78-6de5c7f 745->757 758 6de5951 745->758 746->729 747 6de595b-6de595e 746->747 747->729 753 6de5c47-6de5c4a 747->753 748->735 749->757 761 6de5cb9 749->761 753->754 759 6de5c62-6de5c65 753->759 755->743 765 6de5c84-6de5c87 757->765 758->746 763 6de5c67-6de5c6e 759->763 764 6de5c73-6de5c76 759->764 766 6de5cbe-6de5cc1 761->766 763->764 764->757 764->765 767 6de5c89-6de5c9a 765->767 768 6de5ca1-6de5ca4 765->768 770 6de5ccb-6de5ccd 766->770 771 6de5cc3-6de5cc8 766->771 767->757 777 6de5c9c 767->777 768->749 768->766 772 6de5ccf 770->772 773 6de5cd4-6de5cd7 770->773 771->770 772->773 773->725 776 6de5cdd-6de5ce6 773->776 777->768 797 6de5b0b-6de5b3e 795->797 798 6de5bb9-6de5bc0 795->798 809 6de5b43-6de5b84 797->809 810 6de5b40 797->810 798->796 800 6de5bc2-6de5bf5 798->800 811 6de5bfa-6de5c27 800->811 812 6de5bf7 800->812 820 6de5b9c-6de5ba3 809->820 821 6de5b86-6de5b97 809->821 810->809 811->776 812->811 823 6de5bab-6de5bad 820->823 821->776 823->776
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $
                                              • API String ID: 0-3993045852
                                              • Opcode ID: 471af7d2d4ff52cecadb2cd4b666f6c1143c61e1630f47e13556562760e1ac8a
                                              • Instruction ID: b55fea7f5cccdbd3cae7deed1d0d6938339f356b053bbe63c0f075e639232042
                                              • Opcode Fuzzy Hash: 471af7d2d4ff52cecadb2cd4b666f6c1143c61e1630f47e13556562760e1ac8a
                                              • Instruction Fuzzy Hash: B822D335F012158FDF64EBA4E4906AEBBB2EF84358F24846AD446EB344DB36DC41CB90
                                              Function 06DE2378 Relevance: 1.0, Instructions: 1005COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9e818b2345282184493fbb08729ff956d326f5e849b77b5df8b2bbc99185da75
                                              • Instruction ID: 6c5b8a7dce888cbe6e4b57e6f6c8314b0f3c1088e7a7dc6ec2838db0d0379fda
                                              • Opcode Fuzzy Hash: 9e818b2345282184493fbb08729ff956d326f5e849b77b5df8b2bbc99185da75
                                              • Instruction Fuzzy Hash: A5924530E00204CFDBA4EF68C584A6DB7B6FB89314F5584AAD4099B362DB75ED81CF90
                                              Function 06DEC198 Relevance: .6, Instructions: 645COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 803358740a2bd98358b9d7ccb4192ea2ae2f23dc7b9e0ff3a2f23eaa1ef26161
                                              • Instruction ID: 4f9edc699da549bc810f3b6dd7aae4ef9d1daca99b84d61169cd7962c138fee1
                                              • Opcode Fuzzy Hash: 803358740a2bd98358b9d7ccb4192ea2ae2f23dc7b9e0ff3a2f23eaa1ef26161
                                              • Instruction Fuzzy Hash: 0D328430B112099FDB54EB68E984BAEB7F2FB88310F108529E515EB351DB35EC42CB91
                                              Function 06DEB23F Relevance: .6, Instructions: 575COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b2b5e5a61c0cdd6602ca9b51e8d5f37c860f0bc66e9af2d71d45df526eede184
                                              • Instruction ID: f90352aabb8c0d9f5679434db493fceeed00df5b01bc9c438ee7fc197c942e94
                                              • Opcode Fuzzy Hash: b2b5e5a61c0cdd6602ca9b51e8d5f37c860f0bc66e9af2d71d45df526eede184
                                              • Instruction Fuzzy Hash: 79223F70F1010A8BEF64EB6CD6947ADB7B1FB89314F20852BE445DB395DA34EC818B91
                                              Function 06DE3080 Relevance: .5, Instructions: 545COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e39ed89056db5fcc093056c20da7ef8020b7e0eb7c2d7e3a9bc1bc5b805aaed2
                                              • Instruction ID: b8d0aa811c2c48453dc55e602f50d8a32c6aa69932e3559103f6c252ead5fa3a
                                              • Opcode Fuzzy Hash: e39ed89056db5fcc093056c20da7ef8020b7e0eb7c2d7e3a9bc1bc5b805aaed2
                                              • Instruction Fuzzy Hash: 02324F30E1065ACFDB14EB79D8945ADB7B2FFC9300F51869AD409AB214EF74AD81CB80
                                              Function 06DE7D90 Relevance: .5, Instructions: 475COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5b5bc5d0a231d0d716332484e4eab2f72d02fce6de375d88e37b6c32a618f14
                                              • Instruction ID: 9cbcc0d877a24adeda69759557c6c8509bbfcaeeab30daccd484336d0c3f04fe
                                              • Opcode Fuzzy Hash: f5b5bc5d0a231d0d716332484e4eab2f72d02fce6de375d88e37b6c32a618f14
                                              • Instruction Fuzzy Hash: 21029130B012168FDB54EB69E484AAEB7F2FF84310F148569D506EB395EB75EC42CB90
                                              Function 0152ECA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 136COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4584096382.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_1520000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: M+M
                                              • API String ID: 0-755031969
                                              • Opcode ID: 096973a9fb12ccabe4e1b66a3ce0ecf10a6d2ba8c157e3e929dbaa55e579084f
                                              • Instruction ID: 4b056b76f712a527a934ccba4e00bf49deab011cc6e50b8677096ff72cd9fe1a
                                              • Opcode Fuzzy Hash: 096973a9fb12ccabe4e1b66a3ce0ecf10a6d2ba8c157e3e929dbaa55e579084f
                                              • Instruction Fuzzy Hash: 7B412372E043558FCB14DFA9D81429EBBF1EFCA210F15866AD904A7341EBB49845CBA1
                                              Function 0152ED88 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 25 152ed88-152edfc GlobalMemoryStatusEx 27 152ee05-152ee2d 25->27 28 152edfe-152ee04 25->28 28->27
                                              APIs
                                              • GlobalMemoryStatusEx.KERNEL32 ref: 0152EDEF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4584096382.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_1520000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID: M+M
                                              • API String ID: 1890195054-755031969
                                              • Opcode ID: 71bd66c4a692324437e6d8bcf65260b881632b745b5e0b50fa8f929f0dc1ca8a
                                              • Instruction ID: df8c0422a83d46a8082d4a8c63247e3ab511ad7514593a6dd59bf2c2ec59799e
                                              • Opcode Fuzzy Hash: 71bd66c4a692324437e6d8bcf65260b881632b745b5e0b50fa8f929f0dc1ca8a
                                              • Instruction Fuzzy Hash: DC1114B2C0065A9FDB10CF9AC44479EFBF4BF48320F11816AE918B7240D378A954CFA5
                                              Function 06DE3898 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: M+M
                                              • API String ID: 0-755031969
                                              • Opcode ID: f88ecc827289e6a7784c1ac9d7b17897af01a808d7aee6a38e401c12b3a65728
                                              • Instruction ID: 7cae3884ee52f3bb23935692dda85250517d2140487782a1c36a2934257d8f3b
                                              • Opcode Fuzzy Hash: f88ecc827289e6a7784c1ac9d7b17897af01a808d7aee6a38e401c12b3a65728
                                              • Instruction Fuzzy Hash: D421E0B5D01219AFCB00DF9AD984ADEFBB8FB48310F10812AE918A7200C374A954CFA5
                                              Function 06DE38A0 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: M+M
                                              • API String ID: 0-755031969
                                              • Opcode ID: 5894943aa0d100626b43e3d8d3a86282820ef36d8e790b7d0d2b4219f6429465
                                              • Instruction ID: 1deee92cdb0cb788e291d2d8fc8bbaac5337527f6560e6bc66fc4fd201c5e9db
                                              • Opcode Fuzzy Hash: 5894943aa0d100626b43e3d8d3a86282820ef36d8e790b7d0d2b4219f6429465
                                              • Instruction Fuzzy Hash: C011C2B5D01619AFCB00DF9AD884ADEFBB4FB48310F10812AE518B7200C374A554CFA5
                                              Function 06DECF58 Relevance: .8, Instructions: 804COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b0eeac95ef2e743688ab62f298e810c4619fabe493ffd6b7ddccf6ce760b8136
                                              • Instruction ID: b4227e01a3deb59b6ea9765a7df0017a0b201c2f227f4582c4adbebf8aed7d4c
                                              • Opcode Fuzzy Hash: b0eeac95ef2e743688ab62f298e810c4619fabe493ffd6b7ddccf6ce760b8136
                                              • Instruction Fuzzy Hash: 43622D30B012069FDB55EB68E590A5DBBB2FF84344F209A69D0059F255DF79EC86CB80
                                              Function 06DEB660 Relevance: .5, Instructions: 472COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e1f87d750909afe12c4835f4381a23433646d356469e1b366fa7eb1483c263bd
                                              • Instruction ID: 3e512debff5f1fb3e40b17155ef5ab1421004850885c6c680a47d2aa8b2b8e54
                                              • Opcode Fuzzy Hash: e1f87d750909afe12c4835f4381a23433646d356469e1b366fa7eb1483c263bd
                                              • Instruction Fuzzy Hash: AB027E30F0020A8FEBA4EB68DA846ADB7B1FB85314F10852BD455EB345DB75EC81CB91
                                              Function 06DE6D28 Relevance: .3, Instructions: 257COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 57a4d0bb27b1e5d90c438b744d157310dbe43e1c79694684397b0f9f8ac6522e
                                              • Instruction ID: 8cd8874ea979e33a5c9fe816342febbf63421383f25b56f65e52348af8d0d1f6
                                              • Opcode Fuzzy Hash: 57a4d0bb27b1e5d90c438b744d157310dbe43e1c79694684397b0f9f8ac6522e
                                              • Instruction Fuzzy Hash: B0A16B30B00215CFDBA4EB69D544A6DBBF2FF84314F548569E41AAB390EB76EC41CB90
                                              Function 06DE42B9 Relevance: .2, Instructions: 231COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a86b01867b420726cd61199aa2a7b6a49e9d08b326450606229c7406b1083ac4
                                              • Instruction ID: 48958934de25fd87dad00dfb32fd64bca548030bd18daff0b1b5d1732cda8ac8
                                              • Opcode Fuzzy Hash: a86b01867b420726cd61199aa2a7b6a49e9d08b326450606229c7406b1083ac4
                                              • Instruction Fuzzy Hash: 97811C34B0124A8FDB54EBA8D4546AEB7F7EF89300F108529D50AEB384EF75DC428B91
                                              Function 06DE9160 Relevance: .2, Instructions: 231COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8cf8deba2d349a2b50d2a6b0831b67faf330d708e5d83df019cab206da32b098
                                              • Instruction ID: 87ccdb6356c57081b7ed03463cedaa36f0a6c06508ef9d353e257198a3b7c4b7
                                              • Opcode Fuzzy Hash: 8cf8deba2d349a2b50d2a6b0831b67faf330d708e5d83df019cab206da32b098
                                              • Instruction Fuzzy Hash: 16914070B0125A8FDB64DB68E894BAE77F6FF85300F108569D40AAB344EE749D418B91
                                              Function 06DE6200 Relevance: .2, Instructions: 229COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c477722c5f1d7e05b674d1b2f9e595bc3c6f827c954a82cb225e180e4f943bac
                                              • Instruction ID: 42b97dd3108f8c2bbd8c14d4ebddeb70bb031fb6faab475188048c079317a972
                                              • Opcode Fuzzy Hash: c477722c5f1d7e05b674d1b2f9e595bc3c6f827c954a82cb225e180e4f943bac
                                              • Instruction Fuzzy Hash: C561D372F001624BCF64AB6ED88455FBAD7EFE4210B15407AE90EDB364DEA5EC0287D1
                                              Function 06DE45D8 Relevance: .2, Instructions: 223COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 40b9e5fbdeeec0d3b01e323eb24e1fd30895095f28f51faadd753249594ab2b3
                                              • Instruction ID: 1c687c5e146c2af066fa00b76e8d5031b50e90ad7a7a749a17402917186cab82
                                              • Opcode Fuzzy Hash: 40b9e5fbdeeec0d3b01e323eb24e1fd30895095f28f51faadd753249594ab2b3
                                              • Instruction Fuzzy Hash: 6C914E30E106598FDF60DF68C890BDDB7B1FF89314F208599D549AB241DB70AA85CF91
                                              Function 06DEAF38 Relevance: .2, Instructions: 215COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8028252a737a283b26bd5c9f3d675406db17590431ef7d033bb5b3a3c11209a7
                                              • Instruction ID: 8d98a8e192b86483d11db70179cb7328ae42f061f26b3ae013e51a2faf8079d0
                                              • Opcode Fuzzy Hash: 8028252a737a283b26bd5c9f3d675406db17590431ef7d033bb5b3a3c11209a7
                                              • Instruction Fuzzy Hash: 19715231E003068BDB14DFA9E5406AEB7B2FFC5304F60852AE505AB354DF75A846CB81
                                              Function 06DE45F0 Relevance: .2, Instructions: 210COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 81b4630cb532e90f9dd165bd72cf4b04eb687da6606e1b3d2f74e6ff1e49ce19
                                              • Instruction ID: 052000f0c5897d0dd993141053703d3f5a23e0a8fdfb10e6a681bfa98bd1f176
                                              • Opcode Fuzzy Hash: 81b4630cb532e90f9dd165bd72cf4b04eb687da6606e1b3d2f74e6ff1e49ce19
                                              • Instruction Fuzzy Hash: 9A912C34E1061A8BDF60DF68C880B9DB7B1FF89314F208599D549AB345EB70AA85CF91
                                              Function 06DEEF20 Relevance: .2, Instructions: 207COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9fcc79ead98d72b5471a84e4e948273cc6ef3eb7658472e353d858e1ca50e1c0
                                              • Instruction ID: 396966d009d8f8d3c65cdea55f0f2e9c6304f9df1dcc37ed11224a60fac4387d
                                              • Opcode Fuzzy Hash: 9fcc79ead98d72b5471a84e4e948273cc6ef3eb7658472e353d858e1ca50e1c0
                                              • Instruction Fuzzy Hash: 99713771B002499FDB54EBA9D980AAEBBF6FF88300F148529E005EB254DB74ED46CB51
                                              Function 06DEEF30 Relevance: .2, Instructions: 201COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d055ca0c0ec5cf261d01e9afc580874ab60709fed4d0c701a987b429e619adf6
                                              • Instruction ID: 7889fd71acb4c586c0d7182a5b99f4ea73dfc3c98c1223a4ab04fd2b56b26e84
                                              • Opcode Fuzzy Hash: d055ca0c0ec5cf261d01e9afc580874ab60709fed4d0c701a987b429e619adf6
                                              • Instruction Fuzzy Hash: 74712771B002499FDB54EBA9D980AADBBF6FF88300F248529E405EB354DB75EC42CB51
                                              Function 06DE4B88 Relevance: .2, Instructions: 186COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b720c6b03bd85d1b00bbc055ac132fcb385a948f2df59ccee8b9653f6fbd33e1
                                              • Instruction ID: 8da88ac87867647923886b84d5bac362dcf8bd6f00610b7caf90cbb954846d01
                                              • Opcode Fuzzy Hash: b720c6b03bd85d1b00bbc055ac132fcb385a948f2df59ccee8b9653f6fbd33e1
                                              • Instruction Fuzzy Hash: 8E619171F002199FEB549BA8D8147AEBBF6FF88344F20842AE106AB395DB754C45CB91
                                              Function 06DEFC89 Relevance: .2, Instructions: 178COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e949033e5d141654d2e9b22bdceb11a446bb2e9da569d35f2b7d4b81a9867458
                                              • Instruction ID: e09fdea5d5596af70e6d2191e2ec8370830dd9bd3193c1a7e70c6f1dcfb57456
                                              • Opcode Fuzzy Hash: e949033e5d141654d2e9b22bdceb11a446bb2e9da569d35f2b7d4b81a9867458
                                              • Instruction Fuzzy Hash: 6951FF36F015059FCF64BB78E4846AEBBB2FB84215F208869E106DB350DB329D45CB81
                                              Function 06DEFA39 Relevance: .2, Instructions: 173COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a54bf258d2c40bd85760dd09e37fae2652b0f1c69d5fab2c8b1dcd326bba6f4
                                              • Instruction ID: 1d10b5bd5a8dcbe80590a0ddb7806cef74b38fe6efc4620be34d7956f5c25209
                                              • Opcode Fuzzy Hash: 8a54bf258d2c40bd85760dd09e37fae2652b0f1c69d5fab2c8b1dcd326bba6f4
                                              • Instruction Fuzzy Hash: AF51A370F10205DBEF6067BCE894B7F3A9AD7C9350F205426E50AC7792C96D8D4187A2
                                              Function 06DE915E Relevance: .2, Instructions: 165COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 154f8fa207b2e362f4cf92b6ed31e336036fa68d353152fdaca19b671073f90a
                                              • Instruction ID: 6b3c706bc9cdded5277e8e22c887a76dc79101f02422a92ac2e7f56f0ddad39f
                                              • Opcode Fuzzy Hash: 154f8fa207b2e362f4cf92b6ed31e336036fa68d353152fdaca19b671073f90a
                                              • Instruction Fuzzy Hash: F8512D70B021469FDB64EB68E8A4B6E73F6FF84240F14856AC50ADB348EE34DC419B91
                                              Function 06DEFA48 Relevance: .2, Instructions: 163COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 57ae12f86a5f44c5213d349ab95e98245fd9bfbb05ccc78b76f40c48ca757c69
                                              • Instruction ID: 06100998166d9be698e22783a4f6e561658ccab0c5159b37051818c2533858cb
                                              • Opcode Fuzzy Hash: 57ae12f86a5f44c5213d349ab95e98245fd9bfbb05ccc78b76f40c48ca757c69
                                              • Instruction Fuzzy Hash: 9C51A270F10205DBEF6067BCE894B7F3A9AD7C9350F205426E50AC7792CDA9CC4183A2
                                              Function 06DE9151 Relevance: .1, Instructions: 149COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d8ad24eb9697cda1d1b41d8efd642a66eacfc434af808df6068d58173c821132
                                              • Instruction ID: f71dc21c82681b375daf8149f8f1ee601f79c75729e762ccc20366088ba33ad1
                                              • Opcode Fuzzy Hash: d8ad24eb9697cda1d1b41d8efd642a66eacfc434af808df6068d58173c821132
                                              • Instruction Fuzzy Hash: 77510270B021469FDB54DB68E8A4BAE73F6FFC9240F14856AC409DB348EE34DC419B91
                                              Function 06DE5431 Relevance: .1, Instructions: 133COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5a2aeb4387d868207edcd1fa8bd3ab200d199d940cd834eaf7d181cbdd11c2a6
                                              • Instruction ID: 3f293e0a13a2af793a8ab0fb8bba36a9d05a065ace69034b968786bcfb4bd514
                                              • Opcode Fuzzy Hash: 5a2aeb4387d868207edcd1fa8bd3ab200d199d940cd834eaf7d181cbdd11c2a6
                                              • Instruction Fuzzy Hash: F2419F31E006059FDF70DF99E880ABFBBB2FB88354F10492AD25AD7650D231E855CB90
                                              Function 06DE4B78 Relevance: .1, Instructions: 131COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e1325fc7f9ae1692efefeae85ddc733744ef57c7eb68a792cef6fcdac20863c4
                                              • Instruction ID: 868665dd7337230056d47d36f57f94e2fbd361f288c444bcad832b9435dd881d
                                              • Opcode Fuzzy Hash: e1325fc7f9ae1692efefeae85ddc733744ef57c7eb68a792cef6fcdac20863c4
                                              • Instruction Fuzzy Hash: BB418171F002189FDB559BA9D814B9EBBF6FF88340F20852AE106AB395DA758C05CB90
                                              Function 06DEDACD Relevance: .1, Instructions: 130COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e11a63d947e7e953e0e8d2f9673a26dba5a2a2690e024b0c9a9f98858f90c503
                                              • Instruction ID: 3aa00302a967574f2146c63c3439b6c960cbcc2434516a1684eb62d48dc4cc47
                                              • Opcode Fuzzy Hash: e11a63d947e7e953e0e8d2f9673a26dba5a2a2690e024b0c9a9f98858f90c503
                                              • Instruction Fuzzy Hash: 87418F70E0030AEFDB65EF65D8446AEBBB3EF85344F104529E406EB240EF759946CB91
                                              Function 06DE21ED Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 46c7e9d98fc1d47abf9f9dc8888008aa15662d40420a74788e1cd011c4738aa8
                                              • Instruction ID: ee172cb0c3003aefaf18ccbef96fe955396cfb4ac3bff9f264846e56fa34a3ff
                                              • Opcode Fuzzy Hash: 46c7e9d98fc1d47abf9f9dc8888008aa15662d40420a74788e1cd011c4738aa8
                                              • Instruction Fuzzy Hash: 45311231B012018FDB69AB38E05866E7BB6FF89310F14442DD406DB395DE39CE46CB91
                                              Function 06DE2200 Relevance: .1, Instructions: 105COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a50181eafa7fba914ec38b134987bff37e198bbd3f2bdb61f3c204c722f9a77a
                                              • Instruction ID: 295630e938f971c2b531f92049adf5a1c4feb30ebfeb5cb82716786b341311f1
                                              • Opcode Fuzzy Hash: a50181eafa7fba914ec38b134987bff37e198bbd3f2bdb61f3c204c722f9a77a
                                              • Instruction Fuzzy Hash: C231E230B102059FDB69AB78D41466E7BA7AF89304F24442CD406DB395DE35DD42CBD1
                                              Function 06DED980 Relevance: .1, Instructions: 104COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1aa4382420c4da2a729a47521358aa4cf7535dc30424fb98eeb01a3929ad2d00
                                              • Instruction ID: 8faa7f8e5053268b101213ef88b8097c0958fe9180526f1faaa61d9234ecda69
                                              • Opcode Fuzzy Hash: 1aa4382420c4da2a729a47521358aa4cf7535dc30424fb98eeb01a3929ad2d00
                                              • Instruction Fuzzy Hash: 5131A970E1030A9BDF25EF65D840A9EBBB6FF85304F108529E505AB340EFB5A946C790
                                              Function 06DE20B0 Relevance: .1, Instructions: 101COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63480349ab9c61f1f2b5b942d84a4935efa3d96153ec843b226767bf29cef525
                                              • Instruction ID: cf8b292f34a099e2a4618a55777491625ccc54d439b913e506fdc12cc92ccabf
                                              • Opcode Fuzzy Hash: 63480349ab9c61f1f2b5b942d84a4935efa3d96153ec843b226767bf29cef525
                                              • Instruction Fuzzy Hash: F431AF30E002059FCB54DFA5E89469EB7B6FFC9310F108529E906EB740DB72AE46CB90
                                              Function 06DE20C0 Relevance: .1, Instructions: 91COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63d4f482fa15a87b2c9411f63bd44947436cafed081b3df3a0b178f02801ebda
                                              • Instruction ID: 145534e097c98db0f6c62fa79f2b970e00225789105104b759b0ed272b1cfb1a
                                              • Opcode Fuzzy Hash: 63d4f482fa15a87b2c9411f63bd44947436cafed081b3df3a0b178f02801ebda
                                              • Instruction Fuzzy Hash: 49316D30E102099BCB59DFA9D85469EB7F6FF89300F108929E906EB740DB71AE46CB50
                                              Function 06DE3EC0 Relevance: .1, Instructions: 84COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9333891e3f156e8a0c0a2cbbfbad7e801b7bdd2da2050ab82ac2f8056bd010f4
                                              • Instruction ID: cbb20da9c245f602423e3edbebbf9dad45c7b77edb9bcda31225d4359fd1bb4d
                                              • Opcode Fuzzy Hash: 9333891e3f156e8a0c0a2cbbfbad7e801b7bdd2da2050ab82ac2f8056bd010f4
                                              • Instruction Fuzzy Hash: D0216B35F112159FDB50DF69E840AEEB7B6FB88750F15802AE909EB340EB39DC418B90
                                              Function 06DE3ED0 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 33785dde12d0e48b63e50370d02e8a3217753014a74c4af6ce60918d7b2ed61c
                                              • Instruction ID: 9a2ebb33f02c13cd73e3cd39c3c223541550d023f09c33f9a30ff1bf3999c6c9
                                              • Opcode Fuzzy Hash: 33785dde12d0e48b63e50370d02e8a3217753014a74c4af6ce60918d7b2ed61c
                                              • Instruction Fuzzy Hash: F9213B75F112159FDB50DF69E840AAEB7F5FB48750F15402AE905E7341EB39DC408B90
                                              Function 06DE55B0 Relevance: .1, Instructions: 77COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5752e8abd94a9c6faa287ea6d93c18bb5eb2c820c47229096c5bd7bf4c916f44
                                              • Instruction ID: faf3d0d1fd3383b95dd49ee379b82868392b95b581ac2b3c5e0e39e1ab605885
                                              • Opcode Fuzzy Hash: 5752e8abd94a9c6faa287ea6d93c18bb5eb2c820c47229096c5bd7bf4c916f44
                                              • Instruction Fuzzy Hash: 2D21F632E102018FEF709FA9D8807AFBBA1EB85364F20493ED159D7280D636D9418B90
                                              Function 06DE6D1F Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef9d6510c42ecf2e34bc780b65a1f9d76ac5467df728bbbd5d5bb2bf5aea74b8
                                              • Instruction ID: 9b11f8edfca2b62aa5e7527155a8ed6d861672e2511a5c37a45614e698838898
                                              • Opcode Fuzzy Hash: ef9d6510c42ecf2e34bc780b65a1f9d76ac5467df728bbbd5d5bb2bf5aea74b8
                                              • Instruction Fuzzy Hash: 3621AE35B110559BDF94EB68E9547AEB7B6FFC8310F608429E405EB340EA36ED41CBA0
                                              Function 013ED1F8 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583607776.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13ed000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 415a0d2ea7bad63d2c4c36f6dd96432dab2bdc3f1f76a451e6607d9a6d69b08a
                                              • Instruction ID: 6a6f4fe4a9ecfc8a0d1d92560065af492400b8194cb6a899c140163b038f0d6a
                                              • Opcode Fuzzy Hash: 415a0d2ea7bad63d2c4c36f6dd96432dab2bdc3f1f76a451e6607d9a6d69b08a
                                              • Instruction Fuzzy Hash: D42138B1504344DFDB15DF94D9C8B2ABBA5FB84338F20C56DE9090B386C376D406CAA1
                                              Function 013ED3A8 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583607776.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13ed000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ccda3a7e95a3e142c51aa94a1253bf5e04244def42aeecf1544d5a34bf3d2ad3
                                              • Instruction ID: 06d3870ed2fd8b31bed4de28a2508067791b19bde22befcfb9a52cc16f53422b
                                              • Opcode Fuzzy Hash: ccda3a7e95a3e142c51aa94a1253bf5e04244def42aeecf1544d5a34bf3d2ad3
                                              • Instruction Fuzzy Hash: 332176B5600304EFCB04DF54D5C8B26BBA9FB84318F20C56DE9090B292CB76E806CF62
                                              Function 013ED030 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583607776.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13ed000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 97d5757627a4a151e5ac6bd3c712c4102e8d541256baad5853f156a9f241cb97
                                              • Instruction ID: 4464f026131d2a46d79a803764745e5262655b3a8762c89036014ba709430d1d
                                              • Opcode Fuzzy Hash: 97d5757627a4a151e5ac6bd3c712c4102e8d541256baad5853f156a9f241cb97
                                              • Instruction Fuzzy Hash: D92142B1104304EFCB15DF54D9C8B26BFA5FB84318F28C56DD90A0B292C37AD806CA62
                                              Function 06DEAF33 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 35bee1a9ac4df7b0ae798556ac608adba7dbc261fc29d0cca92601acd5ba3128
                                              • Instruction ID: ca1bc1c5de1486797febd814ddc1c357a00170ab6dd677aefa8564b536338037
                                              • Opcode Fuzzy Hash: 35bee1a9ac4df7b0ae798556ac608adba7dbc261fc29d0cca92601acd5ba3128
                                              • Instruction Fuzzy Hash: DE218171D1075A9BCF24DFA9C54069EBBB2FF85310F10492AE805FB240DA70A845CB80
                                              Function 06DE4218 Relevance: .1, Instructions: 61COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 051ab303cd559612973ca75680f59e1e44467f45fe622ce89ddb8fbbb83e7180
                                              • Instruction ID: 4bb91cf4055319891718cfbf5c0f6fbd367d3523cfbafad482666020e54dd430
                                              • Opcode Fuzzy Hash: 051ab303cd559612973ca75680f59e1e44467f45fe622ce89ddb8fbbb83e7180
                                              • Instruction Fuzzy Hash: DC01F130B001111BDB76A6BCA81476BBBDBDBCA710F15883EE50ACB341ED69DC0643A2
                                              Function 06DE3FE0 Relevance: .1, Instructions: 59COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 26a312ad65267924f6d88b3668f52fdaa5cc1766f9264852009aabc268726798
                                              • Instruction ID: f394c87485d422e877848b09056d55a60cae190c712bf0b26ced21e876f97620
                                              • Opcode Fuzzy Hash: 26a312ad65267924f6d88b3668f52fdaa5cc1766f9264852009aabc268726798
                                              • Instruction Fuzzy Hash: 7611AD31B011294FDB54EA79D814AAF73FAEBC8310B01483AD40AEB344EE79DC029B90
                                              Function 06DEF1A1 Relevance: .1, Instructions: 58COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8d5e6f74a89c542d8b5e1f2cca39397d7aad613259f904a325029c8c7335872b
                                              • Instruction ID: 506e5c1a15e721a72818682d6e69aafea29e84d2815499083daa9ac09ac76399
                                              • Opcode Fuzzy Hash: 8d5e6f74a89c542d8b5e1f2cca39397d7aad613259f904a325029c8c7335872b
                                              • Instruction Fuzzy Hash: 9801DF71B002541BDB76AB7CE854B2F77DBEBCA610F14882AF50ACB384DE26DC024391
                                              Function 06DE3FD0 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e94ae935cc1a2f958437d82c9ddb6c4bc42062088e53979fb72deb534a754c2d
                                              • Instruction ID: 416c8f112f62fd4ca4686926e982d7f66c195e98b4318c188cffc1a221ff4ab9
                                              • Opcode Fuzzy Hash: e94ae935cc1a2f958437d82c9ddb6c4bc42062088e53979fb72deb534a754c2d
                                              • Instruction Fuzzy Hash: 8D01D435B110155BDB54A668EC14AEF73EBDBC4220F01453AD406E7284EE68DC0257D1
                                              Function 06DEA318 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4fff8edd11b7871856b1d3420d6f8c47e89c9a85eff49eb315b6008c352a6053
                                              • Instruction ID: e619df943fe871a90ce7c8519695bc5239ad74b03737ad44f789cac7c16448ae
                                              • Opcode Fuzzy Hash: 4fff8edd11b7871856b1d3420d6f8c47e89c9a85eff49eb315b6008c352a6053
                                              • Instruction Fuzzy Hash: 5D018430B102111FDBA5A76CE85475E77D6EBCA714F14893EF10ACB381EE19EC0283A1
                                              Function 013ED02B Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583607776.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13ed000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction ID: f23eeddf234a04d8d474ca829d3523019b818e8de02b8663da102d1bab2a0c8b
                                              • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction Fuzzy Hash: F411BB75504384CFCB12CF54D9C4B15BFA1FB84318F28C6AAD8494B6A6C33AD84ACB62
                                              Function 013ED1F3 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583607776.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13ed000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ecf76333c4857edb0cae155a2ed822a1bfe38db2c40391184a4fb299c42cee64
                                              • Instruction ID: 3be6d75d5991b74fd11fe85b8236006677b66b94acd64802c4e955526c3fec6c
                                              • Opcode Fuzzy Hash: ecf76333c4857edb0cae155a2ed822a1bfe38db2c40391184a4fb299c42cee64
                                              • Instruction Fuzzy Hash: 76116076504384DFDB12CF54D5C4B19BBA1FB84328F24C6AAD8494B696C33AD446CB91
                                              Function 013ED3A3 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583607776.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13ed000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction ID: 7a5f5d5d802d4b55f6fd67de612204804efa2807669213b2ba939cd1f5b9bfe8
                                              • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction Fuzzy Hash: B611BEB5504380CFCB02CF54D5C4B55BBA1FB84318F24C6AAD9494B2A6C33AE44ACF52
                                              Function 06DE4228 Relevance: .1, Instructions: 51COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0ca66a2bd68b363edd067b496dbe51dfe21fa4ecc6ef2872fa4bc3246eb00d01
                                              • Instruction ID: 6e4cd27cd6901d8fe40a7a0fcdbd319ab501add48111a148b0307c91b73ee4c8
                                              • Opcode Fuzzy Hash: 0ca66a2bd68b363edd067b496dbe51dfe21fa4ecc6ef2872fa4bc3246eb00d01
                                              • Instruction Fuzzy Hash: C6018131B100111BEB75A6ADA41472FB3DBEBC9B10F14883DE50AC7744ED69DC024391
                                              Function 06DEF1B0 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: abdcdcd761af03228cd1c2c2b467567a834dbfda65f6bb895aeb4464cf3e2261
                                              • Instruction ID: cb624baccadc0d0b33d0ca294003d7c1ae6582983573d0281e02bd1a62fc4ad1
                                              • Opcode Fuzzy Hash: abdcdcd761af03228cd1c2c2b467567a834dbfda65f6bb895aeb4464cf3e2261
                                              • Instruction Fuzzy Hash: 2901AF75B001155BEB75A7ACE854B2E73DAEBC9720F108839E60AC7340EE26DC024385
                                              Function 06DEA328 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 074fce264e6b530d9344c9c4062c6dbfbfc1f6f4f8b6af2fe4783737dc1b2b33
                                              • Instruction ID: 4d84484f9cea09f3243cff623017144beba3e4a9abdb954ef481a883aaced5c3
                                              • Opcode Fuzzy Hash: 074fce264e6b530d9344c9c4062c6dbfbfc1f6f4f8b6af2fe4783737dc1b2b33
                                              • Instruction Fuzzy Hash: CD014F30B102125BDBA5EBACE85472E73D6EBC9710F14883DE10BC7340EE29EC428791
                                              Function 013DD8B1 Relevance: .0, Instructions: 45COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583526928.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13dd000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cbecd89785b426ac957f9ae60dfdcb30f8fee822c91ab1ad20fc65c7cee0d0d5
                                              • Instruction ID: a3e4b5c3830e702691f2ad4b32bb2d37d14d53d45ea2a60ee68c59eacb315dd6
                                              • Opcode Fuzzy Hash: cbecd89785b426ac957f9ae60dfdcb30f8fee822c91ab1ad20fc65c7cee0d0d5
                                              • Instruction Fuzzy Hash: C201F7724083489AF7114EA9ED84766BF98DF40368F08841AEE085A1C7C6BA9440C671
                                              Function 013DD8B0 Relevance: .0, Instructions: 36COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4583526928.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_13dd000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8206f09d59eee68f3379c4a50d9251b5db845819b67631aca6abccd1f5af8f34
                                              • Instruction ID: 5b28c9de8b77dc9f3b2bab6ca11d506576709b218938f005c469e8bef5830465
                                              • Opcode Fuzzy Hash: 8206f09d59eee68f3379c4a50d9251b5db845819b67631aca6abccd1f5af8f34
                                              • Instruction Fuzzy Hash: 4BF0C2724043449AEB118E09E9C4B62FF98EB80628F18C45AEE485B287C3799844CA71
                                              Function 06DE8306 Relevance: .0, Instructions: 30COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8da70625a78ab4526cd9a2b6d37b09c4a991ceab2645d6a4358cc1159874a9bd
                                              • Instruction ID: 048332eb88716bd674bebfe21bcc64cecf3999feb87fc50f856df48accef0118
                                              • Opcode Fuzzy Hash: 8da70625a78ab4526cd9a2b6d37b09c4a991ceab2645d6a4358cc1159874a9bd
                                              • Instruction Fuzzy Hash: 4AF02232B01210CFEF68AB89F9842BDB3B4FB40252F180062CC01C3112C735DE01E761
                                              Function 06DE6481 Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000009.00000002.4602186567.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_9_2_6de0000_NEW SHIPPING DOCUMENTS.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7a59b4713cba299ed0bf47ffa8811ec57d0184e24f65489fa1e0d4c4e74ea53f
                                              • Instruction ID: bf26cd0ab6f1d9c216acbfa45ecc21f7802c0462efe12f55dc1cd1d8838402ea
                                              • Opcode Fuzzy Hash: 7a59b4713cba299ed0bf47ffa8811ec57d0184e24f65489fa1e0d4c4e74ea53f
                                              • Instruction Fuzzy Hash: 85E0D8B1E14248ABDB90DE70C91871B775DE745314F2048A2F805D7201E177C9014741

                                              Execution Graph

                                              Execution Coverage:7.9%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:97
                                              Total number of Limit Nodes:5
                                              execution_graph 33385 848f648 33386 848f68d Wow64SetThreadContext 33385->33386 33388 848f6d5 33386->33388 33394 848fc18 33395 848fc60 WriteProcessMemory 33394->33395 33397 848fcb7 33395->33397 33398 848fb58 33399 848fb98 VirtualAllocEx 33398->33399 33401 848fbd5 33399->33401 33402 ba4668 33403 ba467a 33402->33403 33404 ba4686 33403->33404 33408 ba4779 33403->33408 33413 ba4204 33404->33413 33406 ba46a5 33409 ba479d 33408->33409 33417 ba4888 33409->33417 33421 ba4877 33409->33421 33414 ba420f 33413->33414 33429 ba5aec 33414->33429 33416 ba71fd 33416->33406 33419 ba488e 33417->33419 33418 ba498c 33418->33418 33419->33418 33425 ba454c 33419->33425 33423 ba4887 33421->33423 33422 ba498c 33422->33422 33423->33422 33424 ba454c CreateActCtxA 33423->33424 33424->33422 33426 ba5d18 CreateActCtxA 33425->33426 33428 ba5ddb 33426->33428 33430 ba5af7 33429->33430 33433 ba7744 33430->33433 33432 ba7b25 33432->33416 33434 ba774f 33433->33434 33437 ba7774 33434->33437 33436 ba7c02 33436->33432 33438 ba777f 33437->33438 33441 ba77a4 33438->33441 33440 ba7d05 33440->33436 33442 ba77af 33441->33442 33444 ba90eb 33442->33444 33448 bab7a0 33442->33448 33443 ba9129 33443->33440 33444->33443 33452 bad889 33444->33452 33457 bad898 33444->33457 33462 bab7d8 33448->33462 33465 bab7c7 33448->33465 33449 bab7b6 33449->33444 33453 bad8b9 33452->33453 33454 bad8dd 33453->33454 33474 bada37 33453->33474 33478 bada48 33453->33478 33454->33443 33458 bad8b9 33457->33458 33459 bad8dd 33458->33459 33460 bada48 GetModuleHandleW 33458->33460 33461 bada37 GetModuleHandleW 33458->33461 33459->33443 33460->33459 33461->33459 33469 bab8c2 33462->33469 33463 bab7e7 33463->33449 33466 bab7d8 33465->33466 33468 bab8c2 GetModuleHandleW 33466->33468 33467 bab7e7 33467->33449 33468->33467 33470 bab8e1 33469->33470 33471 bab904 33469->33471 33470->33471 33472 babb08 GetModuleHandleW 33470->33472 33471->33463 33473 babb35 33472->33473 33473->33463 33475 bada55 33474->33475 33476 bada8f 33475->33476 33482 bad5b0 33475->33482 33476->33454 33479 bada55 33478->33479 33480 bada8f 33479->33480 33481 bad5b0 GetModuleHandleW 33479->33481 33480->33454 33481->33480 33483 bad5b5 33482->33483 33485 bae3a0 33483->33485 33486 bad6dc 33483->33486 33485->33485 33487 bad6e7 33486->33487 33488 ba77a4 GetModuleHandleW 33487->33488 33489 bae40f 33488->33489 33489->33485 33490 badda8 DuplicateHandle 33491 bade3e 33490->33491 33492 554f840 33493 554f8c9 CreateProcessA 33492->33493 33495 554fa8b 33493->33495 33389 848f200 33390 848f1ae ResumeThread 33389->33390 33392 848f20a 33389->33392 33393 848f1d1 33390->33393 33496 badb60 33497 badba6 GetCurrentProcess 33496->33497 33499 badbf8 GetCurrentThread 33497->33499 33500 badbf1 33497->33500 33501 badc2e 33499->33501 33502 badc35 GetCurrentProcess 33499->33502 33500->33499 33501->33502 33505 badc6b 33502->33505 33503 badc93 GetCurrentThreadId 33504 badcc4 33503->33504 33505->33503 33506 554f6a8 33507 554f6f3 ReadProcessMemory 33506->33507 33509 554f737 33507->33509

                                              Executed Functions

                                              Function 0848F200 Relevance: 1.7, APIs: 1, Instructions: 165threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 218 848f200-848f208 219 848f20a-848f23f 218->219 220 848f1ae-848f1af 218->220 224 848f241 219->224 225 848f246-848f29c 219->225 221 848f1b1-848f1b3 220->221 222 848f1b5-848f1cf ResumeThread 220->222 221->222 229 848f1d8-848f1fd 222->229 230 848f1d1-848f1d7 222->230 224->225 227 848f3af-848f3c0 225->227 228 848f2a2-848f2a4 225->228 232 848f438-848f449 227->232 233 848f3c2-848f3c4 227->233 228->227 231 848f2aa-848f2da 228->231 230->229 237 848f2dc 231->237 238 848f2e1-848f2f2 231->238 235 848f628-848f632 232->235 236 848f44f-848f451 232->236 233->232 234 848f3c6-848f3d6 233->234 239 848f3d8-848f3e5 234->239 240 848f3e7 234->240 236->235 245 848f457-848f487 236->245 237->238 241 848f2f9-848f30f 238->241 242 848f2f4 238->242 248 848f3ea-848f425 239->248 240->248 249 848f311 241->249 250 848f316-848f32c 241->250 242->241 246 848f489 245->246 247 848f48e-848f49f 245->247 246->247 252 848f4a1 247->252 253 848f4a6-848f4bc 247->253 266 848f42c-848f433 248->266 267 848f427 248->267 249->250 255 848f32e 250->255 256 848f333-848f38e 250->256 252->253 257 848f4be 253->257 258 848f4c3-848f4d9 253->258 255->256 276 848f398 256->276 277 848f390-848f396 256->277 257->258 260 848f4db 258->260 261 848f4e0-848f51d 258->261 260->261 264 848f51f 261->264 265 848f524-848f535 261->265 264->265 269 848f53c-848f552 265->269 270 848f537 265->270 266->235 267->266 271 848f559-848f56f 269->271 272 848f554 269->272 270->269 274 848f571 271->274 275 848f576-848f595 271->275 272->271 274->275 278 848f59f 275->278 279 848f597-848f59d 275->279 280 848f39b-848f3aa 276->280 277->280 281 848f5a2-848f610 278->281 279->281 280->235 288 848f61a 281->288 289 848f612-848f618 281->289 290 848f61d-848f625 288->290 289->290 290->235
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 67ff0bbd2ab49f1077da813c5412f405b64449b624c18f3810662962e277b7c7
                                              • Instruction ID: 59f52b7f5308ba94f8e9bf3f8bd2028ae2bdbb3907083ce695e5f74a8e41568e
                                              • Opcode Fuzzy Hash: 67ff0bbd2ab49f1077da813c5412f405b64449b624c18f3810662962e277b7c7
                                              • Instruction Fuzzy Hash: 03616A70E00219CFDB14DFA9C9846AEFBF2FF89305F24866AD448A7255CB359942CF61
                                              Function 00BADB50 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 00BADBDE
                                              • GetCurrentThread.KERNEL32 ref: 00BADC1B
                                              • GetCurrentProcess.KERNEL32 ref: 00BADC58
                                              • GetCurrentThreadId.KERNEL32 ref: 00BADCB1
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: 9d7875827197a329e59059efd785eac813fcdd4695cf1969168aecea641f4e78
                                              • Instruction ID: 019fd4a428c457dd017033cb19d6f3323c2caa1198a33498e04210fe401e4f7e
                                              • Opcode Fuzzy Hash: 9d7875827197a329e59059efd785eac813fcdd4695cf1969168aecea641f4e78
                                              • Instruction Fuzzy Hash: 925186B09003498FDB14CFA9D548BDEBBF1FF88324F208059E049A7290DBB95944CF65
                                              Function 00BADB60 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 00BADBDE
                                              • GetCurrentThread.KERNEL32 ref: 00BADC1B
                                              • GetCurrentProcess.KERNEL32 ref: 00BADC58
                                              • GetCurrentThreadId.KERNEL32 ref: 00BADCB1
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: 8bbde7437def9ba770ec73d11971940f336b178d5ab0ccad8682aa0d79698b63
                                              • Instruction ID: c209fddc44bf46d60072bd36659d2f4af1cb703f1cac1930289b944fe1d48038
                                              • Opcode Fuzzy Hash: 8bbde7437def9ba770ec73d11971940f336b178d5ab0ccad8682aa0d79698b63
                                              • Instruction Fuzzy Hash: 3C5155B09003498FDB14DFA9D548B9EBBF1FF88324F208459E059A7350DBB59944CF65
                                              Function 0554F835 Relevance: 1.8, APIs: 1, Instructions: 251processCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 44 554f835-554f8d5 47 554f8d7-554f8e1 44->47 48 554f90e-554f92e 44->48 47->48 49 554f8e3-554f8e5 47->49 53 554f967-554f996 48->53 54 554f930-554f93a 48->54 51 554f8e7-554f8f1 49->51 52 554f908-554f90b 49->52 55 554f8f5-554f904 51->55 56 554f8f3 51->56 52->48 64 554f9cf-554fa89 CreateProcessA 53->64 65 554f998-554f9a2 53->65 54->53 57 554f93c-554f93e 54->57 55->55 58 554f906 55->58 56->55 59 554f940-554f94a 57->59 60 554f961-554f964 57->60 58->52 62 554f94c 59->62 63 554f94e-554f95d 59->63 60->53 62->63 63->63 66 554f95f 63->66 76 554fa92-554fb18 64->76 77 554fa8b-554fa91 64->77 65->64 67 554f9a4-554f9a6 65->67 66->60 69 554f9a8-554f9b2 67->69 70 554f9c9-554f9cc 67->70 71 554f9b4 69->71 72 554f9b6-554f9c5 69->72 70->64 71->72 72->72 73 554f9c7 72->73 73->70 87 554fb28-554fb2c 76->87 88 554fb1a-554fb1e 76->88 77->76 89 554fb3c-554fb40 87->89 90 554fb2e-554fb32 87->90 88->87 91 554fb20 88->91 93 554fb50-554fb54 89->93 94 554fb42-554fb46 89->94 90->89 92 554fb34 90->92 91->87 92->89 96 554fb66-554fb6d 93->96 97 554fb56-554fb5c 93->97 94->93 95 554fb48 94->95 95->93 98 554fb84 96->98 99 554fb6f-554fb7e 96->99 97->96 100 554fb85 98->100 99->98 100->100
                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0554FA76
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2192446794.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_5540000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0
                                              • Opcode ID: 3ead03fb3f48b1b484e99f599296dcf5630b9016cf29d7de2a0e0d28fb037e81
                                              • Instruction ID: 1f884d2907887f4b641a430b6a34d0fcf7ce8ecbb1783c8e996ecebabb730cb0
                                              • Opcode Fuzzy Hash: 3ead03fb3f48b1b484e99f599296dcf5630b9016cf29d7de2a0e0d28fb037e81
                                              • Instruction Fuzzy Hash: BDA15971D00259DFEF24CF68C841BEEBBB2BF49318F1485A9E849A7240DB749985CF91
                                              Function 0554F840 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 102 554f840-554f8d5 104 554f8d7-554f8e1 102->104 105 554f90e-554f92e 102->105 104->105 106 554f8e3-554f8e5 104->106 110 554f967-554f996 105->110 111 554f930-554f93a 105->111 108 554f8e7-554f8f1 106->108 109 554f908-554f90b 106->109 112 554f8f5-554f904 108->112 113 554f8f3 108->113 109->105 121 554f9cf-554fa89 CreateProcessA 110->121 122 554f998-554f9a2 110->122 111->110 114 554f93c-554f93e 111->114 112->112 115 554f906 112->115 113->112 116 554f940-554f94a 114->116 117 554f961-554f964 114->117 115->109 119 554f94c 116->119 120 554f94e-554f95d 116->120 117->110 119->120 120->120 123 554f95f 120->123 133 554fa92-554fb18 121->133 134 554fa8b-554fa91 121->134 122->121 124 554f9a4-554f9a6 122->124 123->117 126 554f9a8-554f9b2 124->126 127 554f9c9-554f9cc 124->127 128 554f9b4 126->128 129 554f9b6-554f9c5 126->129 127->121 128->129 129->129 130 554f9c7 129->130 130->127 144 554fb28-554fb2c 133->144 145 554fb1a-554fb1e 133->145 134->133 146 554fb3c-554fb40 144->146 147 554fb2e-554fb32 144->147 145->144 148 554fb20 145->148 150 554fb50-554fb54 146->150 151 554fb42-554fb46 146->151 147->146 149 554fb34 147->149 148->144 149->146 153 554fb66-554fb6d 150->153 154 554fb56-554fb5c 150->154 151->150 152 554fb48 151->152 152->150 155 554fb84 153->155 156 554fb6f-554fb7e 153->156 154->153 157 554fb85 155->157 156->155 157->157
                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0554FA76
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2192446794.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_5540000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0
                                              • Opcode ID: a3a887832425a89c070e5039c3ae04af85b103ccac9facbacc1e705b3f59304a
                                              • Instruction ID: 1283eacf8840dc6ee5f6840ae2f3fb792478f7e753f38e4d7c5445508862309d
                                              • Opcode Fuzzy Hash: a3a887832425a89c070e5039c3ae04af85b103ccac9facbacc1e705b3f59304a
                                              • Instruction Fuzzy Hash: 73915871D00259DFEF24CF68C841BEEBBB2BF49318F1485A9E849A7240DB749985CF91
                                              Function 00BAB8C2 Relevance: 1.7, APIs: 1, Instructions: 204COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 159 bab8c2-bab8df 160 bab90b-bab90f 159->160 161 bab8e1-bab8ee call bab294 159->161 163 bab923-bab964 160->163 164 bab911-bab91b 160->164 167 bab8f0 161->167 168 bab904 161->168 170 bab971-bab97f 163->170 171 bab966-bab96e 163->171 164->163 216 bab8f6 call babb68 167->216 217 bab8f6 call babb58 167->217 168->160 172 bab9a3-bab9a5 170->172 173 bab981-bab986 170->173 171->170 178 bab9a8-bab9af 172->178 175 bab988-bab98f call bab2a0 173->175 176 bab991 173->176 174 bab8fc-bab8fe 174->168 177 baba40-babb00 174->177 180 bab993-bab9a1 175->180 176->180 209 babb08-babb33 GetModuleHandleW 177->209 210 babb02-babb05 177->210 181 bab9bc-bab9c3 178->181 182 bab9b1-bab9b9 178->182 180->178 185 bab9d0-bab9d9 call bab2b0 181->185 186 bab9c5-bab9cd 181->186 182->181 190 bab9db-bab9e3 185->190 191 bab9e6-bab9eb 185->191 186->185 190->191 192 baba09-baba0d 191->192 193 bab9ed-bab9f4 191->193 214 baba10 call babe68 192->214 215 baba10 call babe42 192->215 193->192 195 bab9f6-baba06 call bab2c0 call bab2d0 193->195 195->192 198 baba13-baba16 200 baba18-baba36 198->200 201 baba39-baba3f 198->201 200->201 211 babb3c-babb50 209->211 212 babb35-babb3b 209->212 210->209 212->211 214->198 215->198 216->174 217->174
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 00BABB26
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: fee748ecf0a13931df2259fadb8f97dbc8a109a82d5c1f935acff8c79be789ae
                                              • Instruction ID: a7f52cd0ebf3585a6dee30ae268dec11f402fc9e71e0005d7d7f177b3ca74623
                                              • Opcode Fuzzy Hash: fee748ecf0a13931df2259fadb8f97dbc8a109a82d5c1f935acff8c79be789ae
                                              • Instruction Fuzzy Hash: D8814370A04B058FD724CF69D440BABBBF1FF89300F00896ED19AD7A52DB74A945CB90
                                              Function 00BA5D0D Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 292 ba5d0d-ba5dd9 CreateActCtxA 294 ba5ddb-ba5de1 292->294 295 ba5de2-ba5e3c 292->295 294->295 302 ba5e4b-ba5e4f 295->302 303 ba5e3e-ba5e41 295->303 304 ba5e60 302->304 305 ba5e51-ba5e5d 302->305 303->302 306 ba5e61 304->306 305->304 306->306
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 00BA5DC9
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 9707e678b148f1eedfc3c675c28ff7e2edb0dcd2ece1d8ab4bdfa094776a24a5
                                              • Instruction ID: 08ef497a50343ac04ca4224c0f753006c082975b291ef8c508384255f4a444c7
                                              • Opcode Fuzzy Hash: 9707e678b148f1eedfc3c675c28ff7e2edb0dcd2ece1d8ab4bdfa094776a24a5
                                              • Instruction Fuzzy Hash: 6D41C1B0C00719CBDB24CFA9C944B9EBBF5BF89704F20816AD448AB255DBB55A45CF90
                                              Function 00BA454C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 308 ba454c-ba5dd9 CreateActCtxA 311 ba5ddb-ba5de1 308->311 312 ba5de2-ba5e3c 308->312 311->312 319 ba5e4b-ba5e4f 312->319 320 ba5e3e-ba5e41 312->320 321 ba5e60 319->321 322 ba5e51-ba5e5d 319->322 320->319 323 ba5e61 321->323 322->321 323->323
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 00BA5DC9
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 82881917e296b9f557965a9d0af52d1292d3cc068cda3599854355257cc32802
                                              • Instruction ID: 497949b60df683ab2c8215702d893c69bf8356d76cb1550e7fe3cd20d53fecbe
                                              • Opcode Fuzzy Hash: 82881917e296b9f557965a9d0af52d1292d3cc068cda3599854355257cc32802
                                              • Instruction Fuzzy Hash: 8C41E0B0C0471DCBDB24CFA9C948B9EBBF5BF49704F60806AD408AB255DBB56A45CF90
                                              Function 0848FC11 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 325 848fc11-848fc66 328 848fc68-848fc74 325->328 329 848fc76-848fcb5 WriteProcessMemory 325->329 328->329 331 848fcbe-848fcee 329->331 332 848fcb7-848fcbd 329->332 332->331
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0848FCA8
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: 0d2e618ba82b03f1c5666a986d521b1c3b0b1a5d84bee1af2c4359a0de6d02f9
                                              • Instruction ID: 47ad71ce5ed3b797248aa4c8c4ffc0b38c13d3e3ef0b2c631fffb763596dfcdf
                                              • Opcode Fuzzy Hash: 0d2e618ba82b03f1c5666a986d521b1c3b0b1a5d84bee1af2c4359a0de6d02f9
                                              • Instruction Fuzzy Hash: 092126B6900349DFDF10DFA9C881BDEBBF5BF48320F10842AE918A7240D7789954CBA4
                                              Function 0848FC18 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 336 848fc18-848fc66 338 848fc68-848fc74 336->338 339 848fc76-848fcb5 WriteProcessMemory 336->339 338->339 341 848fcbe-848fcee 339->341 342 848fcb7-848fcbd 339->342 342->341
                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0848FCA8
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: d62933f7375d19a31898b226f6bccd17a96fc73302160ec0260d8e553346842c
                                              • Instruction ID: 3cfb55208e7e6df81c9d7d9c5fbb38b0d21f6026b32390fa1a99ebe1c2e87150
                                              • Opcode Fuzzy Hash: d62933f7375d19a31898b226f6bccd17a96fc73302160ec0260d8e553346842c
                                              • Instruction Fuzzy Hash: E12115B2900349DFDB10DFA9C985BDEBBF5FF48310F10842AE918A7240D7789954CBA4
                                              Function 0554F6A0 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 346 554f6a0-554f735 ReadProcessMemory 350 554f737-554f73d 346->350 351 554f73e-554f76e 346->351 350->351
                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0554F728
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2192446794.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_5540000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0
                                              • Opcode ID: 5d01ff436717bd0a6aa8a037406b6a9455611c9f1b4adb1bbf5bc6e9c8a6cdc0
                                              • Instruction ID: d95dbbbe26439c183c9fb101fedb713c9b1ea8485bbf83534b1b69ef5038506d
                                              • Opcode Fuzzy Hash: 5d01ff436717bd0a6aa8a037406b6a9455611c9f1b4adb1bbf5bc6e9c8a6cdc0
                                              • Instruction Fuzzy Hash: 252125B18003499FDF10CFAAC885ADEFBF5FF48320F108429E558A7240D7789951CBA5
                                              Function 0848F640 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 355 848f640-848f693 358 848f6a3-848f6a6 355->358 359 848f695-848f6a1 355->359 360 848f6ad-848f6d3 Wow64SetThreadContext 358->360 359->358 361 848f6dc-848f70c 360->361 362 848f6d5-848f6db 360->362 362->361
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0848F6C6
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: dace30b605d56160e45851b041213db01d98353a3abbf83a92b4997ba7ce2e48
                                              • Instruction ID: b85330621092cb2df564f693e0aa31975ae4c1ef8046ca085f6b8d3b96c190c2
                                              • Opcode Fuzzy Hash: dace30b605d56160e45851b041213db01d98353a3abbf83a92b4997ba7ce2e48
                                              • Instruction Fuzzy Hash: B6214A719003499FDB10DFAAC48579EBBF4AF48324F14842ED558A7240DB789545CFA5
                                              Function 00BADDA0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 366 badda0-bade3c DuplicateHandle 367 bade3e-bade44 366->367 368 bade45-bade62 366->368 367->368
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BADE2F
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: fe734302b9e7e643e9c10081ff1697e44744457c973c8530584fc9f0ab6464f6
                                              • Instruction ID: bb738bba2ca7ac5e9261968a8dba1783f1d3866493c4636b9b6cfa57291a9ebe
                                              • Opcode Fuzzy Hash: fe734302b9e7e643e9c10081ff1697e44744457c973c8530584fc9f0ab6464f6
                                              • Instruction Fuzzy Hash: 2B21E3B5901249AFDB10CF9AD984ADEBBF4FB48320F14845AE918A7210D379A955CFA0
                                              Function 0554F6A8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 371 554f6a8-554f735 ReadProcessMemory 374 554f737-554f73d 371->374 375 554f73e-554f76e 371->375 374->375
                                              APIs
                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0554F728
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2192446794.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_5540000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: MemoryProcessRead
                                              • String ID:
                                              • API String ID: 1726664587-0
                                              • Opcode ID: b4ed17c972a6ad11c631029619e51b9140f608096647fbc380e8f7f820e757b6
                                              • Instruction ID: f52431790c1e52c99ad73374bc937d32c14d8d711014f0d2b1e579e0e26bca55
                                              • Opcode Fuzzy Hash: b4ed17c972a6ad11c631029619e51b9140f608096647fbc380e8f7f820e757b6
                                              • Instruction Fuzzy Hash: FA2114B18003499FDB10CFAAC881AEEBBF5FF48320F10842AE519A7240D7789911CBA5
                                              Function 0848F648 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 379 848f648-848f693 381 848f6a3-848f6d3 Wow64SetThreadContext 379->381 382 848f695-848f6a1 379->382 384 848f6dc-848f70c 381->384 385 848f6d5-848f6db 381->385 382->381 385->384
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0848F6C6
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: e594c12275599cea7539ff98d94820121eaf53c1c6700d3bc8c138ce7bf0515f
                                              • Instruction ID: 42b8bc5e52c3dcec423d020e642c1b5103b113f935ba39cf36fd5b7829afeaf4
                                              • Opcode Fuzzy Hash: e594c12275599cea7539ff98d94820121eaf53c1c6700d3bc8c138ce7bf0515f
                                              • Instruction Fuzzy Hash: 40211871D003098FDB10DFAAC4857AEBBF4AF88324F14842AD559A7250DB78A945CFA5
                                              Function 00BADDA8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                              Download Yara Rule
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BADE2F
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 22f1e173c6793ad57a17110995056487c06dc254c56532771bedf9d264d7da9d
                                              • Instruction ID: 1f2993172c9c09c5e69924f00a6aa3134cd19878a6258d40940e2caedb266baf
                                              • Opcode Fuzzy Hash: 22f1e173c6793ad57a17110995056487c06dc254c56532771bedf9d264d7da9d
                                              • Instruction Fuzzy Hash: 5F21E4B59002499FDB10CF9AD984ADEFBF4FB48320F14801AE914A7310D378A950CF60
                                              Function 0848FB51 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0848FBC6
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: d4c296baaeb8fe4750b3e290c4fd969370019f6072b882177d0ab11bea549826
                                              • Instruction ID: 2bbe0c1db9118dc013765a5b3be2e8d4e023da19c59d81637613fc942541626a
                                              • Opcode Fuzzy Hash: d4c296baaeb8fe4750b3e290c4fd969370019f6072b882177d0ab11bea549826
                                              • Instruction Fuzzy Hash: 06115972900249DFDF10DFAAD845BDFBBF5AF88720F20841AE919A7250CB759911CFA1
                                              Function 0848F158 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 26bea94c944a63733c6f7b80509bf264a96502d6aab0599ff44b3e43f33fd9dd
                                              • Instruction ID: 52439ffd23ddddf4dac5995331bfb805221fbbce527528c96871c8bfc27e8a8a
                                              • Opcode Fuzzy Hash: 26bea94c944a63733c6f7b80509bf264a96502d6aab0599ff44b3e43f33fd9dd
                                              • Instruction Fuzzy Hash: 97112671900349CFDB10EFAAC84579EFBF4AF88724F24881AD559A7240DB796944CBA4
                                              Function 0848FB58 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0848FBC6
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: ba5ffc7bc1c545056d3a837425a0e25eabd0601e6ad920eb510e85e172865396
                                              • Instruction ID: 88950973adbbac9309bd8ad52a1793cd8b44a3b79a0fd70c622425af6b7e2742
                                              • Opcode Fuzzy Hash: ba5ffc7bc1c545056d3a837425a0e25eabd0601e6ad920eb510e85e172865396
                                              • Instruction Fuzzy Hash: 7C1147728002499FDB10DFAAC844BDFBBF5AF88320F10841AE515A7250CB75A510CBA1
                                              Function 0848F160 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2193410346.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_8480000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 4f3c2f074e1144bb9e2a633e530e8522c631edb722355270180a227e7f162740
                                              • Instruction ID: ac47e2c4551b1c10f2f07648960c3f9111cbbae6eb74b6dcab92494b0e145ba4
                                              • Opcode Fuzzy Hash: 4f3c2f074e1144bb9e2a633e530e8522c631edb722355270180a227e7f162740
                                              • Instruction Fuzzy Hash: 981125B19003498FDB20DFAAC84579EFBF4AF88724F24841AD519A7240CB79A944CBA5
                                              Function 00BABAC0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                              Download Yara Rule
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 00BABB26
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2185362260.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ba0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 18a320025c86fa01ca4ca3b54c4754da82667e42698d87fb9087109601e8d4d0
                                              • Instruction ID: 37b6fb307b51a08d579bc0c113cfc45d94ef50dccce36f6bd5bb9c490565cd29
                                              • Opcode Fuzzy Hash: 18a320025c86fa01ca4ca3b54c4754da82667e42698d87fb9087109601e8d4d0
                                              • Instruction Fuzzy Hash: C4110FB6C003498FCB10CF9AD844A9EFBF4EF89320F10845AD428A7611C3B9A545CFA1
                                              Function 00B4D3D8 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184444588.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b4d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc44db92f696bed0b89ffd9af4247ba56abffae2ce6c75d23996810d5bef3173
                                              • Instruction ID: 8964154f81a1689f7d4da1e733ac1d3423473ba171827d1a1c26d952e9e3c501
                                              • Opcode Fuzzy Hash: fc44db92f696bed0b89ffd9af4247ba56abffae2ce6c75d23996810d5bef3173
                                              • Instruction Fuzzy Hash: 74213A76504204DFDB05DF14D9C0B26BFA5FB94324F20C5ADE9090B356C33AE956DBA2
                                              Function 00B4D4C4 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184444588.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b4d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bff6477e81874fda66bee5e65c621c2677a041633151dc75f020d429320e9647
                                              • Instruction ID: 90d3d7513b509e5ce9d9a21184a870f43b73f0ceec578cb9e5a70aa52504a3d0
                                              • Opcode Fuzzy Hash: bff6477e81874fda66bee5e65c621c2677a041633151dc75f020d429320e9647
                                              • Instruction Fuzzy Hash: 64212572604240EFDB05DF14D9C0B2ABFA5FB98318F20C5ADE9090B256C736D956EAA1
                                              Function 00B5D1D4 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184511890.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b5d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a6afee45fbba670c9dd5b48b795c5d5e96d6d4218f78d46bf9eab93b09d38ee8
                                              • Instruction ID: 692eadab7465f79b8810ac97daee7ecdb3d115405099b4c715543f825f8268f7
                                              • Opcode Fuzzy Hash: a6afee45fbba670c9dd5b48b795c5d5e96d6d4218f78d46bf9eab93b09d38ee8
                                              • Instruction Fuzzy Hash: 8321D075604204EFDB25DF14D9C0B26BBA5FB88315F20C6EDED094B292C777D84ACA61
                                              Function 00B5D01C Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184511890.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b5d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 46dab3c982c5c4f44246d51a3a1eeee750c8108d17309ab8a3e4ce16e1bafd74
                                              • Instruction ID: 42c5296902fa53f49ff27cf7e5f19cf7717507c91e388444744c491be9bf74d4
                                              • Opcode Fuzzy Hash: 46dab3c982c5c4f44246d51a3a1eeee750c8108d17309ab8a3e4ce16e1bafd74
                                              • Instruction Fuzzy Hash: D1212575504240DFDB24DF14D5D0B26BBA1FB84315F28C6EDDD0A4B292C37AD80BCA61
                                              Function 00B5D005 Relevance: .1, Instructions: 60COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184511890.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b5d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 47d543a8d7b3e628c83fa6346eb213e35b07ed2e6856d46777d609132b17146a
                                              • Instruction ID: 0c339957e535836f1a0eae5d37150aae2d88f239784e4ada220d6df778e0b722
                                              • Opcode Fuzzy Hash: 47d543a8d7b3e628c83fa6346eb213e35b07ed2e6856d46777d609132b17146a
                                              • Instruction Fuzzy Hash: 3C2187755093C48FDB16CF20D594715BF71EB45314F28C6DAD8498B6A7C33AD80ACB62
                                              Function 00B4D4BF Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184444588.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b4d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction ID: 667f82dd535a8cc80e75c1265ecf6cf2c363aef3e4754653e96345393d992848
                                              • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction Fuzzy Hash: 39110376504280CFCB01CF10D5C0B16BFB1FB94318F24C6E9D8490B256C33AD956DBA1
                                              Function 00B4D3D3 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184444588.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b4d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction ID: 5f5bf2a02a40892eadd4cf53bee52a9d7bfc0be9e8ef67009677179f966a1401
                                              • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                              • Instruction Fuzzy Hash: F011B1B6504280DFCB15CF10D5C4B16BFB1FB94324F24C6A9D8490B756C33AE956DBA1
                                              Function 00B5D1CF Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2184511890.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_b5d000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction ID: e97f4dd9754eddae360818c5bdefca4ecf11ac0c1d2ab7bd8ac262f9b6429d95
                                              • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction Fuzzy Hash: AB117975504284DFCB15CF10D5C4B15BBA1FB84314F24C6E9DC494B6A6C37AD84ACB61

                                              Execution Graph

                                              Execution Coverage:11.4%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:18
                                              Total number of Limit Nodes:5
                                              execution_graph 26558 1240848 26560 124084e 26558->26560 26559 124091b 26560->26559 26562 1241383 26560->26562 26563 12412f7 26562->26563 26564 124138b 26562->26564 26563->26560 26565 1241484 26564->26565 26567 1247eb8 26564->26567 26565->26560 26568 1247ec2 26567->26568 26571 1247edc 26568->26571 26572 6aefa3b 26568->26572 26576 6aefa48 26568->26576 26571->26564 26574 6aefa48 26572->26574 26573 6aefc72 26573->26571 26574->26573 26575 6aefc89 GlobalMemoryStatusEx GlobalMemoryStatusEx 26574->26575 26575->26574 26578 6aefa5d 26576->26578 26577 6aefc72 26577->26571 26578->26577 26579 6aefc89 GlobalMemoryStatusEx GlobalMemoryStatusEx 26578->26579 26579->26578

                                              Executed Functions

                                              Function 06AE55C0 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 6ae55c0-6ae55dd 1 6ae55df-6ae55e2 0->1 2 6ae55e4-6ae55ea 1->2 3 6ae55f5-6ae55f8 1->3 4 6ae56d9-6ae56dc 2->4 5 6ae55f0 2->5 6 6ae55ff-6ae5602 3->6 7 6ae55fa-6ae55fc 3->7 10 6ae56e1-6ae56e4 4->10 5->3 8 6ae5604-6ae5608 6->8 9 6ae5613-6ae5616 6->9 7->6 11 6ae560e 8->11 12 6ae577d-6ae578a 8->12 13 6ae5618-6ae5622 9->13 14 6ae5630-6ae5633 9->14 15 6ae56aa-6ae56b0 10->15 16 6ae56e6-6ae56e9 10->16 11->9 25 6ae5629-6ae562b 13->25 19 6ae564c-6ae564f 14->19 20 6ae5635-6ae5647 14->20 21 6ae572a-6ae5730 15->21 22 6ae56b2 15->22 17 6ae56fc-6ae56ff 16->17 18 6ae56eb-6ae56f1 16->18 27 6ae5725-6ae5728 17->27 28 6ae5701-6ae5720 17->28 18->13 26 6ae56f7 18->26 29 6ae565d-6ae5660 19->29 30 6ae5651-6ae5658 19->30 20->19 23 6ae578b-6ae57bb 21->23 24 6ae5732-6ae573a 21->24 31 6ae56b7-6ae56ba 22->31 54 6ae57c5-6ae57c8 23->54 24->23 37 6ae573c-6ae5749 24->37 25->14 26->17 27->21 34 6ae5754-6ae5757 27->34 28->27 35 6ae5676-6ae5679 29->35 36 6ae5662-6ae5671 29->36 30->29 32 6ae56bc-6ae56bd 31->32 33 6ae56c2-6ae56c5 31->33 32->33 33->18 39 6ae56c7-6ae56ca 33->39 43 6ae576b-6ae576d 34->43 44 6ae5759-6ae5766 34->44 41 6ae567b-6ae5684 35->41 42 6ae5685-6ae5688 35->42 36->35 37->23 40 6ae574b-6ae574f 37->40 47 6ae56cc-6ae56cf 39->47 48 6ae56d4-6ae56d7 39->48 40->34 50 6ae568a-6ae56a0 42->50 51 6ae56a5-6ae56a8 42->51 52 6ae576f 43->52 53 6ae5774-6ae5777 43->53 44->43 47->48 48->4 48->10 50->51 51->15 51->31 52->53 53->1 53->12 57 6ae57ea-6ae57ed 54->57 58 6ae57ca-6ae57ce 54->58 62 6ae580f-6ae5812 57->62 63 6ae57ef-6ae57f3 57->63 60 6ae57d4-6ae57dc 58->60 61 6ae58b2-6ae58ec 58->61 60->61 64 6ae57e2-6ae57e5 60->64 80 6ae58ee-6ae58f1 61->80 66 6ae582a-6ae582d 62->66 67 6ae5814-6ae5825 62->67 63->61 65 6ae57f9-6ae5801 63->65 64->57 65->61 69 6ae5807-6ae580a 65->69 70 6ae583e-6ae5841 66->70 71 6ae582f-6ae5839 66->71 67->66 69->62 72 6ae584b-6ae584e 70->72 73 6ae5843-6ae584a 70->73 71->70 76 6ae5868-6ae586b 72->76 77 6ae5850-6ae5854 72->77 81 6ae586d-6ae5871 76->81 82 6ae5885-6ae5888 76->82 77->61 79 6ae5856-6ae585e 77->79 79->61 83 6ae5860-6ae5863 79->83 84 6ae5964-6ae5af8 80->84 85 6ae58f3-6ae58f6 80->85 81->61 86 6ae5873-6ae587b 81->86 87 6ae588a-6ae5891 82->87 88 6ae5898-6ae589a 82->88 83->76 150 6ae5afe-6ae5b05 84->150 151 6ae5c31-6ae5c44 84->151 89 6ae58f8-6ae5909 85->89 90 6ae5914-6ae5917 85->90 86->61 91 6ae587d-6ae5880 86->91 92 6ae58aa-6ae58b1 87->92 93 6ae5893 87->93 94 6ae589c 88->94 95 6ae58a1-6ae58a4 88->95 104 6ae590f 89->104 105 6ae5ca6-6ae5cb7 89->105 97 6ae5919-6ae592a 90->97 98 6ae5935-6ae5938 90->98 91->82 93->88 94->95 95->54 95->92 107 6ae5c4c-6ae5c5f 97->107 108 6ae5930 97->108 99 6ae593a-6ae594b 98->99 100 6ae5956-6ae5959 98->100 112 6ae5c78-6ae5c7f 99->112 113 6ae5951 99->113 100->84 103 6ae595b-6ae595e 100->103 103->84 110 6ae5c47-6ae5c4a 103->110 104->90 105->112 116 6ae5cb9 105->116 108->98 110->107 114 6ae5c62-6ae5c65 110->114 120 6ae5c84-6ae5c87 112->120 113->100 118 6ae5c67-6ae5c6e 114->118 119 6ae5c73-6ae5c76 114->119 122 6ae5cbe-6ae5cc1 116->122 118->119 119->112 119->120 123 6ae5c89-6ae5c9a 120->123 124 6ae5ca1-6ae5ca4 120->124 125 6ae5ccb-6ae5ccd 122->125 126 6ae5cc3-6ae5cc8 122->126 123->112 131 6ae5c9c 123->131 124->105 124->122 129 6ae5ccf 125->129 130 6ae5cd4-6ae5cd7 125->130 126->125 129->130 130->80 132 6ae5cdd-6ae5ce6 130->132 131->124 152 6ae5b0b-6ae5b3e 150->152 153 6ae5bb9-6ae5bc0 150->153 163 6ae5b43-6ae5b84 152->163 164 6ae5b40 152->164 153->151 154 6ae5bc2-6ae5bf5 153->154 166 6ae5bfa-6ae5c27 154->166 167 6ae5bf7 154->167 175 6ae5b9c-6ae5ba3 163->175 176 6ae5b86-6ae5b97 163->176 164->163 166->132 167->166 178 6ae5bab-6ae5bad 175->178 176->132 178->132
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $
                                              • API String ID: 0-3993045852
                                              • Opcode ID: ca08e48043a5d9a604ac211a1b1f57b3d587bc64a0db8ec750d3120fb23f19ce
                                              • Instruction ID: ecdf1bca5052d6c3abf6c547f7cfb4a452eb1ae00b12ca90f3e685eb1510c685
                                              • Opcode Fuzzy Hash: ca08e48043a5d9a604ac211a1b1f57b3d587bc64a0db8ec750d3120fb23f19ce
                                              • Instruction Fuzzy Hash: BC22BF75F102158FDF64EBA4E4906AEBBB2EF84318F248469D45AAF341DB36DC41CB90
                                              Function 06AE6600 Relevance: .8, Instructions: 819COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9c9dd249e845bec6a1e4013fc350c71df55e3244d0e74a4cd5a3b3cd9da78804
                                              • Instruction ID: f188a222f728f1cf5e472bf75722da725dbb2c2af3f839c40b2c87c2c1c32e78
                                              • Opcode Fuzzy Hash: 9c9dd249e845bec6a1e4013fc350c71df55e3244d0e74a4cd5a3b3cd9da78804
                                              • Instruction Fuzzy Hash: 41627D34B102058FDB54EB68D594BAEB7F2EF88314F149869E406EB391DB75ED42CB80
                                              Function 06AEC198 Relevance: .6, Instructions: 643COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1224 6aec198-6aec1b8 1225 6aec1ba-6aec1bd 1224->1225 1226 6aec1bf-6aec1c5 1225->1226 1227 6aec1d7-6aec1da 1225->1227 1228 6aec52f-6aec565 1226->1228 1229 6aec1cb-6aec1d2 1226->1229 1230 6aec1dc-6aec1f6 1227->1230 1231 6aec1fb-6aec1fe 1227->1231 1242 6aec567-6aec56a 1228->1242 1229->1227 1230->1231 1232 6aec204-6aec207 1231->1232 1233 6aec410-6aec416 1231->1233 1235 6aec209-6aec20e 1232->1235 1236 6aec211-6aec214 1232->1236 1233->1226 1238 6aec41c 1233->1238 1235->1236 1240 6aec23d-6aec240 1236->1240 1241 6aec216-6aec238 1236->1241 1239 6aec421-6aec424 1238->1239 1243 6aec43c-6aec43f 1239->1243 1244 6aec426-6aec437 1239->1244 1245 6aec254-6aec257 1240->1245 1246 6aec242-6aec249 1240->1246 1241->1240 1247 6aec56c-6aec57a 1242->1247 1248 6aec581-6aec584 1242->1248 1251 6aec460-6aec463 1243->1251 1252 6aec441-6aec45b 1243->1252 1244->1243 1255 6aec25d-6aec260 1245->1255 1256 6aec370-6aec379 1245->1256 1253 6aec24f 1246->1253 1254 6aec465-6aec466 1246->1254 1250 6aec586-6aec59f 1247->1250 1270 6aec57c 1247->1270 1249 6aec5ac-6aec5af 1248->1249 1248->1250 1265 6aec5d2-6aec5d5 1249->1265 1266 6aec5b1-6aec5cd 1249->1266 1303 6aec617-6aec623 1250->1303 1304 6aec5a1-6aec5ab 1250->1304 1251->1254 1264 6aec46b-6aec46e 1251->1264 1252->1251 1253->1245 1254->1264 1262 6aec2c2-6aec2c5 1255->1262 1263 6aec262-6aec2bd 1255->1263 1260 6aec37f 1256->1260 1261 6aec470-6aec479 1256->1261 1273 6aec384-6aec387 1260->1273 1261->1228 1277 6aec47f-6aec486 1261->1277 1274 6aec2c7-6aec2eb 1262->1274 1275 6aec2f0-6aec2f3 1262->1275 1263->1262 1264->1261 1276 6aec48b-6aec48e 1264->1276 1268 6aec5d7-6aec5e1 1265->1268 1269 6aec5e2-6aec5e5 1265->1269 1266->1265 1282 6aec5e7-6aec600 1269->1282 1283 6aec605-6aec607 1269->1283 1270->1248 1284 6aec389-6aec3ae 1273->1284 1285 6aec3b3-6aec3b6 1273->1285 1274->1275 1278 6aec30b-6aec30e 1275->1278 1279 6aec2f5-6aec306 1275->1279 1286 6aec4ba-6aec4bd 1276->1286 1287 6aec490-6aec4b5 1276->1287 1277->1276 1291 6aec310-6aec32c 1278->1291 1292 6aec331-6aec334 1278->1292 1279->1278 1282->1283 1296 6aec60e-6aec611 1283->1296 1297 6aec609 1283->1297 1284->1285 1288 6aec3b8-6aec3bb 1285->1288 1289 6aec3c0-6aec3c3 1285->1289 1293 6aec4de-6aec4e1 1286->1293 1294 6aec4bf-6aec4d9 1286->1294 1287->1286 1288->1289 1300 6aec3ee-6aec3f1 1289->1300 1301 6aec3c5-6aec3e9 1289->1301 1291->1292 1305 6aec346-6aec349 1292->1305 1306 6aec336-6aec341 1292->1306 1307 6aec4ee-6aec4f1 1293->1307 1308 6aec4e3-6aec4e9 1293->1308 1294->1293 1296->1242 1296->1303 1297->1296 1315 6aec3fe-6aec401 1300->1315 1316 6aec3f3-6aec3f9 1300->1316 1301->1300 1321 6aec629-6aec632 1303->1321 1322 6aec7c3-6aec7cd 1303->1322 1319 6aec34b-6aec35a 1305->1319 1320 6aec361-6aec364 1305->1320 1306->1305 1317 6aec512-6aec514 1307->1317 1318 6aec4f3-6aec50d 1307->1318 1308->1307 1326 6aec40b-6aec40e 1315->1326 1327 6aec403-6aec406 1315->1327 1316->1315 1330 6aec51b-6aec51e 1317->1330 1331 6aec516 1317->1331 1318->1317 1319->1288 1346 6aec35c 1319->1346 1332 6aec36b-6aec36e 1320->1332 1333 6aec366-6aec368 1320->1333 1336 6aec7ce-6aec806 1321->1336 1337 6aec638-6aec658 1321->1337 1326->1233 1326->1239 1327->1326 1330->1225 1341 6aec524-6aec52e 1330->1341 1331->1330 1332->1256 1332->1273 1333->1332 1350 6aec808-6aec80b 1336->1350 1356 6aec65e-6aec667 1337->1356 1357 6aec7b1-6aec7bd 1337->1357 1346->1320 1354 6aec9c7-6aec9ca 1350->1354 1355 6aec811-6aec81f 1350->1355 1358 6aec9cc-6aec9e8 1354->1358 1359 6aec9ed-6aec9ef 1354->1359 1364 6aec826-6aec828 1355->1364 1356->1336 1360 6aec66d-6aec69c call 6ae65b0 1356->1360 1357->1321 1357->1322 1358->1359 1362 6aec9f6-6aec9f9 1359->1362 1363 6aec9f1 1359->1363 1379 6aec6de-6aec6f4 1360->1379 1380 6aec69e-6aec6d6 1360->1380 1362->1350 1366 6aec9ff-6aeca08 1362->1366 1363->1362 1367 6aec83f-6aec869 1364->1367 1368 6aec82a-6aec82d 1364->1368 1377 6aec86f-6aec878 1367->1377 1378 6aec9bc-6aec9c6 1367->1378 1368->1366 1381 6aec87e-6aec98d call 6ae65b0 1377->1381 1382 6aec995-6aec9ba 1377->1382 1387 6aec6f6-6aec70a 1379->1387 1388 6aec712-6aec728 1379->1388 1380->1379 1381->1377 1431 6aec993 1381->1431 1382->1366 1387->1388 1397 6aec72a-6aec73e 1388->1397 1398 6aec746-6aec759 1388->1398 1397->1398 1403 6aec75b-6aec765 1398->1403 1404 6aec767 1398->1404 1405 6aec76c-6aec76e 1403->1405 1404->1405 1407 6aec79f-6aec7ab 1405->1407 1408 6aec770-6aec775 1405->1408 1407->1356 1407->1357 1409 6aec777-6aec781 1408->1409 1410 6aec783 1408->1410 1412 6aec788-6aec78a 1409->1412 1410->1412 1412->1407 1413 6aec78c-6aec798 1412->1413 1413->1407 1431->1378
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b784c7024195c884374789edea3f14ae0329ee63ea8e17c28ce29aeb227464f3
                                              • Instruction ID: 53769b16f2d1127c51c742b1aea7418a7020d677e24aa0373221e6f5ad2d50f7
                                              • Opcode Fuzzy Hash: b784c7024195c884374789edea3f14ae0329ee63ea8e17c28ce29aeb227464f3
                                              • Instruction Fuzzy Hash: 35326F74B102099FDB54EB68D990AAEB7B2FB88310F108569D516EB355DB34EC41CB90
                                              Function 06AEB23F Relevance: .6, Instructions: 569COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b0a9772a3e7b1989a2e1bc04d37cf5a26119e91be958560a709d2fd03673341a
                                              • Instruction ID: 8c75aa6ceb3468acbf2f28d2b93bf1a90850623ca487094cf1058dfe53674899
                                              • Opcode Fuzzy Hash: b0a9772a3e7b1989a2e1bc04d37cf5a26119e91be958560a709d2fd03673341a
                                              • Instruction Fuzzy Hash: E6226374E1010A8BEF64EBACD6947AEB7B1FB85310F208526E455DF391DB34DC818BA1
                                              Function 06AE3080 Relevance: .5, Instructions: 545COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2163 6ae3080-6ae30a1 2164 6ae30a3-6ae30a6 2163->2164 2165 6ae30ac-6ae30cb 2164->2165 2166 6ae3847-6ae384a 2164->2166 2176 6ae30cd-6ae30d0 2165->2176 2177 6ae30e4-6ae30ee 2165->2177 2167 6ae384c-6ae386b 2166->2167 2168 6ae3870-6ae3872 2166->2168 2167->2168 2170 6ae3879-6ae387c 2168->2170 2171 6ae3874 2168->2171 2170->2164 2172 6ae3882-6ae388b 2170->2172 2171->2170 2176->2177 2178 6ae30d2-6ae30e2 2176->2178 2180 6ae30f4-6ae3103 2177->2180 2178->2180 2289 6ae3105 call 6ae3898 2180->2289 2290 6ae3105 call 6ae38a0 2180->2290 2182 6ae310a-6ae310f 2183 6ae311c-6ae33f9 2182->2183 2184 6ae3111-6ae3117 2182->2184 2205 6ae33ff-6ae34ae 2183->2205 2206 6ae3839-6ae3846 2183->2206 2184->2172 2215 6ae34d7 2205->2215 2216 6ae34b0-6ae34d5 2205->2216 2218 6ae34e0-6ae34f3 2215->2218 2216->2218 2220 6ae34f9-6ae351b 2218->2220 2221 6ae3820-6ae382c 2218->2221 2220->2221 2224 6ae3521-6ae352b 2220->2224 2221->2205 2222 6ae3832 2221->2222 2222->2206 2224->2221 2225 6ae3531-6ae353c 2224->2225 2225->2221 2226 6ae3542-6ae3618 2225->2226 2238 6ae361a-6ae361c 2226->2238 2239 6ae3626-6ae3656 2226->2239 2238->2239 2243 6ae3658-6ae365a 2239->2243 2244 6ae3664-6ae3670 2239->2244 2243->2244 2245 6ae3672-6ae3676 2244->2245 2246 6ae36d0-6ae36d4 2244->2246 2245->2246 2249 6ae3678-6ae36a2 2245->2249 2247 6ae36da-6ae3716 2246->2247 2248 6ae3811-6ae381a 2246->2248 2259 6ae3718-6ae371a 2247->2259 2260 6ae3724-6ae3732 2247->2260 2248->2221 2248->2226 2256 6ae36a4-6ae36a6 2249->2256 2257 6ae36b0-6ae36cd 2249->2257 2256->2257 2257->2246 2259->2260 2263 6ae3749-6ae3754 2260->2263 2264 6ae3734-6ae373f 2260->2264 2267 6ae376c-6ae377d 2263->2267 2268 6ae3756-6ae375c 2263->2268 2264->2263 2269 6ae3741 2264->2269 2273 6ae377f-6ae3785 2267->2273 2274 6ae3795-6ae37a1 2267->2274 2270 6ae375e 2268->2270 2271 6ae3760-6ae3762 2268->2271 2269->2263 2270->2267 2271->2267 2275 6ae3789-6ae378b 2273->2275 2276 6ae3787 2273->2276 2278 6ae37b9-6ae380a 2274->2278 2279 6ae37a3-6ae37a9 2274->2279 2275->2274 2276->2274 2278->2248 2280 6ae37ad-6ae37af 2279->2280 2281 6ae37ab 2279->2281 2280->2278 2281->2278 2289->2182 2290->2182
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a35bba4d1a308fbfb77d396b3e775d0c130f9d8be74c192a37534b23a686ac1b
                                              • Instruction ID: ff95fbe3887b222b2a9aa190393a0fc9538ce1935da0bad3f21eb76bee15d4a3
                                              • Opcode Fuzzy Hash: a35bba4d1a308fbfb77d396b3e775d0c130f9d8be74c192a37534b23a686ac1b
                                              • Instruction Fuzzy Hash: F5321D35E1065ACFDB14EF75C8505ADB7B2FFC9300F1096AAD40AAB254EB74AD85CB80
                                              Function 06AE7D90 Relevance: .5, Instructions: 475COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2291 6ae7d90-6ae7dae 2292 6ae7db0-6ae7db3 2291->2292 2293 6ae7dd6-6ae7dd9 2292->2293 2294 6ae7db5-6ae7dd1 2292->2294 2295 6ae7ddb-6ae7de9 2293->2295 2296 6ae7df0-6ae7df3 2293->2296 2294->2293 2303 6ae7deb 2295->2303 2304 6ae7e36-6ae7e4c 2295->2304 2297 6ae7e14-6ae7e17 2296->2297 2298 6ae7df5-6ae7e0f 2296->2298 2301 6ae7e19-6ae7e23 2297->2301 2302 6ae7e24-6ae7e26 2297->2302 2298->2297 2307 6ae7e2d-6ae7e30 2302->2307 2308 6ae7e28 2302->2308 2303->2296 2311 6ae8067-6ae8071 2304->2311 2312 6ae7e52-6ae7e5b 2304->2312 2307->2292 2307->2304 2308->2307 2313 6ae8072-6ae80a7 2312->2313 2314 6ae7e61-6ae7e7e 2312->2314 2317 6ae80a9-6ae80ac 2313->2317 2323 6ae8054-6ae8061 2314->2323 2324 6ae7e84-6ae7eac 2314->2324 2319 6ae80ae-6ae80ca 2317->2319 2320 6ae80cf-6ae80d2 2317->2320 2319->2320 2321 6ae80d8-6ae80e7 2320->2321 2322 6ae8307-6ae830a 2320->2322 2333 6ae80e9-6ae8104 2321->2333 2334 6ae8106-6ae814a 2321->2334 2325 6ae83b5-6ae83b7 2322->2325 2326 6ae8310-6ae831c 2322->2326 2323->2311 2323->2312 2324->2323 2346 6ae7eb2-6ae7ebb 2324->2346 2329 6ae83be-6ae83c1 2325->2329 2330 6ae83b9 2325->2330 2336 6ae8327-6ae8329 2326->2336 2329->2317 2335 6ae83c7-6ae83d0 2329->2335 2330->2329 2333->2334 2348 6ae82db-6ae82f1 2334->2348 2349 6ae8150-6ae8161 2334->2349 2337 6ae832b-6ae8331 2336->2337 2338 6ae8341-6ae8345 2336->2338 2344 6ae8335-6ae8337 2337->2344 2345 6ae8333 2337->2345 2340 6ae8347-6ae8351 2338->2340 2341 6ae8353 2338->2341 2347 6ae8358-6ae835a 2340->2347 2341->2347 2344->2338 2345->2338 2346->2313 2350 6ae7ec1-6ae7edd 2346->2350 2351 6ae835c-6ae835f 2347->2351 2352 6ae836b-6ae83a4 2347->2352 2348->2322 2358 6ae82c6-6ae82d5 2349->2358 2359 6ae8167-6ae8184 2349->2359 2360 6ae8042-6ae804e 2350->2360 2361 6ae7ee3-6ae7f0d 2350->2361 2351->2335 2352->2321 2373 6ae83aa-6ae83b4 2352->2373 2358->2348 2358->2349 2359->2358 2370 6ae818a-6ae8280 call 6ae65b0 2359->2370 2360->2323 2360->2346 2375 6ae8038-6ae803d 2361->2375 2376 6ae7f13-6ae7f3b 2361->2376 2424 6ae828e 2370->2424 2425 6ae8282-6ae828c 2370->2425 2375->2360 2376->2375 2382 6ae7f41-6ae7f6f 2376->2382 2382->2375 2388 6ae7f75-6ae7f7e 2382->2388 2388->2375 2389 6ae7f84-6ae7fb6 2388->2389 2397 6ae7fb8-6ae7fbc 2389->2397 2398 6ae7fc1-6ae7fdd 2389->2398 2397->2375 2399 6ae7fbe 2397->2399 2398->2360 2400 6ae7fdf-6ae8036 call 6ae65b0 2398->2400 2399->2398 2400->2360 2426 6ae8293-6ae8295 2424->2426 2425->2426 2426->2358 2427 6ae8297-6ae829c 2426->2427 2428 6ae829e-6ae82a8 2427->2428 2429 6ae82aa 2427->2429 2430 6ae82af-6ae82b1 2428->2430 2429->2430 2430->2358 2431 6ae82b3-6ae82bf 2430->2431 2431->2358
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6801290e34f5f1ab5396877901d3d6166f513c54faab4920bb0f5d3438a60489
                                              • Instruction ID: d4fc70384fdea3bac5dac7a1e2ec2ef54a409616663a1ea9283eadc4c9923dba
                                              • Opcode Fuzzy Hash: 6801290e34f5f1ab5396877901d3d6166f513c54faab4920bb0f5d3438a60489
                                              • Instruction Fuzzy Hash: B602BE30B016068FDB58EB64D594AAEB7F2FF84300F248569D416EB395DB79EC42CB90
                                              Function 0124ECA0 Relevance: 1.6, APIs: 1, Instructions: 139COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 179 124eca0-124ecbb 180 124ece5-124ecfb 179->180 181 124ecbd-124ece4 179->181 202 124ecfd call 124eca0 180->202 203 124ecfd call 124ed88 180->203 184 124ed02-124ed04 185 124ed06-124ed09 184->185 186 124ed0a-124ed69 184->186 193 124ed6f-124edfc GlobalMemoryStatusEx 186->193 194 124ed6b-124ed6e 186->194 198 124ee05-124ee2d 193->198 199 124edfe-124ee04 193->199 199->198 202->184 203->184
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4584228447.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_1240000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bfe6401bb1ec0f31fd7c51486b411f95f1bafae244e935cb8b2bff02f661e2aa
                                              • Instruction ID: 943155a108346c03fb5a18b7957df3d3dedf29350568cba4c4e1a65d5d0005b7
                                              • Opcode Fuzzy Hash: bfe6401bb1ec0f31fd7c51486b411f95f1bafae244e935cb8b2bff02f661e2aa
                                              • Instruction Fuzzy Hash: D3414531E143959FDB14EF69D80429EBFF5BFCA210F05856AD904A7241EB789840CBE1
                                              Function 0124ED88 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 204 124ed88-124edfc GlobalMemoryStatusEx 206 124ee05-124ee2d 204->206 207 124edfe-124ee04 204->207 207->206
                                              APIs
                                              • GlobalMemoryStatusEx.KERNEL32 ref: 0124EDEF
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4584228447.0000000001240000.00000040.00000800.00020000.00000000.sdmp, Offset: 01240000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_1240000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0
                                              • Opcode ID: 868b043b7eaa931ebef98d4641f60510250308268db8c8a0ce23e0af38cc1b0a
                                              • Instruction ID: db2d0ad7f38cab900ae6c4992d7dd449150f07399d79ddc7b79dd93e10520720
                                              • Opcode Fuzzy Hash: 868b043b7eaa931ebef98d4641f60510250308268db8c8a0ce23e0af38cc1b0a
                                              • Instruction Fuzzy Hash: 0B1112B1C0065A9BDB14CF9AC544B9EFBF4BF48320F15812AE918B7240D378A954CFA1
                                              Function 06AE2378 Relevance: 1.0, Instructions: 1006COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cdfe5b1fa16bff1502334c9b39c3f6a1dce85035b5b1a6684775b82ad8ad0126
                                              • Instruction ID: 978a298aee2f94b2d4ad5f276adde1480044d7ddc7e8315345ec128731abae67
                                              • Opcode Fuzzy Hash: cdfe5b1fa16bff1502334c9b39c3f6a1dce85035b5b1a6684775b82ad8ad0126
                                              • Instruction Fuzzy Hash: 38924634A00205CFDB64EF68C584B5DBBB6FB85314F5484AAD409AF352DB75ED81CB90
                                              Function 06AECF58 Relevance: .8, Instructions: 805COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 963 6aecf58-6aecf73 964 6aecf75-6aecf78 963->964 965 6aecf7a-6aecf89 964->965 966 6aecfc1-6aecfc4 964->966 967 6aecf8b-6aecf90 965->967 968 6aecf98-6aecfa4 965->968 969 6aecfca-6aecfcd 966->969 970 6aed444-6aed450 966->970 967->968 974 6aecfaa-6aecfbc 968->974 975 6aed975-6aed9ae 968->975 971 6aecfcf-6aecfde 969->971 972 6aed016-6aed019 969->972 970->965 973 6aed456-6aed743 970->973 976 6aecfed-6aecff9 971->976 977 6aecfe0-6aecfe5 971->977 978 6aed01b-6aed01d 972->978 979 6aed028-6aed02b 972->979 1176 6aed96a-6aed974 973->1176 1177 6aed749-6aed74f 973->1177 974->966 990 6aed9b0-6aed9b3 975->990 976->975 980 6aecfff-6aed011 976->980 977->976 981 6aed2ff-6aed308 978->981 982 6aed023 978->982 984 6aed02d-6aed043 979->984 985 6aed048-6aed04b 979->985 980->972 991 6aed30a-6aed30f 981->991 992 6aed317-6aed323 981->992 982->979 984->985 988 6aed04d-6aed052 985->988 989 6aed055-6aed058 985->989 988->989 995 6aed05a-6aed09c 989->995 996 6aed0a1-6aed0a4 989->996 998 6aed9d6-6aed9d9 990->998 999 6aed9b5-6aed9d1 990->999 991->992 993 6aed329-6aed33d 992->993 994 6aed434-6aed439 992->994 1007 6aed441 993->1007 1019 6aed343-6aed355 993->1019 994->1007 995->996 1004 6aed0a6-6aed0a8 996->1004 1005 6aed0b3-6aed0b6 996->1005 1002 6aed9db call 6aedacd 998->1002 1003 6aed9e8-6aed9eb 998->1003 999->998 1018 6aed9e1-6aed9e3 1002->1018 1012 6aeda1e-6aeda20 1003->1012 1013 6aed9ed-6aeda19 1003->1013 1006 6aed0ae 1004->1006 1004->1007 1008 6aed0ff-6aed102 1005->1008 1009 6aed0b8-6aed0fa 1005->1009 1006->1005 1007->970 1022 6aed14b-6aed14e 1008->1022 1023 6aed104-6aed146 1008->1023 1009->1008 1020 6aeda27-6aeda2a 1012->1020 1021 6aeda22 1012->1021 1013->1012 1018->1003 1037 6aed379-6aed37b 1019->1037 1038 6aed357-6aed35d 1019->1038 1020->990 1028 6aeda2c-6aeda3b 1020->1028 1021->1020 1029 6aed150-6aed16c 1022->1029 1030 6aed171-6aed174 1022->1030 1023->1022 1047 6aeda3d-6aedaa0 call 6ae65b0 1028->1047 1048 6aedaa2-6aedab7 1028->1048 1029->1030 1031 6aed1bd-6aed1c0 1030->1031 1032 6aed176-6aed1b8 1030->1032 1040 6aed209-6aed20c 1031->1040 1041 6aed1c2-6aed204 1031->1041 1032->1031 1052 6aed385-6aed391 1037->1052 1045 6aed35f 1038->1045 1046 6aed361-6aed36d 1038->1046 1050 6aed20e-6aed250 1040->1050 1051 6aed255-6aed258 1040->1051 1041->1040 1056 6aed36f-6aed377 1045->1056 1046->1056 1047->1048 1070 6aedab8 1048->1070 1050->1051 1053 6aed25a-6aed29c 1051->1053 1054 6aed2a1-6aed2a4 1051->1054 1076 6aed39f 1052->1076 1077 6aed393-6aed39d 1052->1077 1053->1054 1065 6aed2ed-6aed2ef 1054->1065 1066 6aed2a6-6aed2e8 1054->1066 1056->1052 1079 6aed2f6-6aed2f9 1065->1079 1080 6aed2f1 1065->1080 1066->1065 1070->1070 1082 6aed3a4-6aed3a6 1076->1082 1077->1082 1079->964 1079->981 1080->1079 1082->1007 1090 6aed3ac-6aed3c8 call 6ae65b0 1082->1090 1112 6aed3ca-6aed3cf 1090->1112 1113 6aed3d7-6aed3e3 1090->1113 1112->1113 1113->994 1117 6aed3e5-6aed432 1113->1117 1117->1007 1178 6aed75e-6aed767 1177->1178 1179 6aed751-6aed756 1177->1179 1178->975 1180 6aed76d-6aed780 1178->1180 1179->1178 1182 6aed95a-6aed964 1180->1182 1183 6aed786-6aed78c 1180->1183 1182->1176 1182->1177 1184 6aed78e-6aed793 1183->1184 1185 6aed79b-6aed7a4 1183->1185 1184->1185 1185->975 1186 6aed7aa-6aed7cb 1185->1186 1189 6aed7cd-6aed7d2 1186->1189 1190 6aed7da-6aed7e3 1186->1190 1189->1190 1190->975 1191 6aed7e9-6aed806 1190->1191 1191->1182 1194 6aed80c-6aed812 1191->1194 1194->975 1195 6aed818-6aed831 1194->1195 1197 6aed94d-6aed954 1195->1197 1198 6aed837-6aed85e 1195->1198 1197->1182 1197->1194 1198->975 1201 6aed864-6aed86e 1198->1201 1201->975 1202 6aed874-6aed88b 1201->1202 1204 6aed88d-6aed898 1202->1204 1205 6aed89a-6aed8b5 1202->1205 1204->1205 1205->1197 1210 6aed8bb-6aed8d4 call 6ae65b0 1205->1210 1214 6aed8d6-6aed8db 1210->1214 1215 6aed8e3-6aed8ec 1210->1215 1214->1215 1215->975 1216 6aed8f2-6aed946 1215->1216 1216->1197
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 063dbb505d36c05fe0825a69070e6f4c8d700c4d5ff58e610379310bfc7ad841
                                              • Instruction ID: 555bef3d59dc6033ccc41cb22945b3e5f2f553a9d99f05cf0c551e8ff288a722
                                              • Opcode Fuzzy Hash: 063dbb505d36c05fe0825a69070e6f4c8d700c4d5ff58e610379310bfc7ad841
                                              • Instruction Fuzzy Hash: D1622D3061120A8FDB59FB68D590A5EB7F2FF84304F209968D0159F359DBB9EC46CB90
                                              Function 06AEB660 Relevance: .5, Instructions: 470COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2433 6aeb660-6aeb680 2434 6aeb682-6aeb685 2433->2434 2435 6aeb69c-6aeb69f 2434->2435 2436 6aeb687-6aeb68b 2434->2436 2439 6aeb6b5-6aeb6b8 2435->2439 2440 6aeb6a1-6aeb6aa 2435->2440 2437 6aeb9fb-6aeba36 2436->2437 2438 6aeb691-6aeb697 2436->2438 2453 6aeba38-6aeba3b 2437->2453 2438->2435 2443 6aeb6ba-6aeb6cf 2439->2443 2444 6aeb6f6-6aeb6f9 2439->2444 2441 6aeb9b7-6aeb9c0 2440->2441 2442 6aeb6b0 2440->2442 2441->2437 2447 6aeb9c2-6aeb9c9 2441->2447 2442->2439 2443->2437 2461 6aeb6d5-6aeb6f1 2443->2461 2445 6aeb70c-6aeb70f 2444->2445 2446 6aeb6fb-6aeb707 2444->2446 2449 6aeb722-6aeb725 2445->2449 2450 6aeb711-6aeb717 2445->2450 2446->2445 2451 6aeb9ce-6aeb9d1 2447->2451 2459 6aeb737-6aeb73a 2449->2459 2460 6aeb727 2449->2460 2455 6aeb71d 2450->2455 2456 6aeb991-6aeb997 2450->2456 2457 6aeb9de-6aeb9e0 2451->2457 2458 6aeb9d3-6aeb9d9 2451->2458 2462 6aebca7-6aebcaa 2453->2462 2463 6aeba41-6aeba69 2453->2463 2455->2449 2456->2437 2470 6aeb999-6aeb9a0 2456->2470 2464 6aeb9e7-6aeb9ea 2457->2464 2465 6aeb9e2 2457->2465 2458->2457 2466 6aeb9aa-6aeb9ad 2459->2466 2467 6aeb740-6aeb743 2459->2467 2476 6aeb72f-6aeb732 2460->2476 2461->2444 2468 6aebcac-6aebcc8 2462->2468 2469 6aebccd-6aebccf 2462->2469 2495 6aeba6b-6aeba6e 2463->2495 2496 6aeba73-6aebab7 2463->2496 2464->2434 2477 6aeb9f0-6aeb9fa 2464->2477 2465->2464 2473 6aeb9b2-6aeb9b5 2466->2473 2478 6aeb75a-6aeb75d 2467->2478 2479 6aeb745-6aeb749 2467->2479 2468->2469 2474 6aebcd6-6aebcd9 2469->2474 2475 6aebcd1 2469->2475 2471 6aeb9a5-6aeb9a8 2470->2471 2471->2466 2471->2473 2473->2441 2473->2451 2474->2453 2482 6aebcdf-6aebce8 2474->2482 2475->2474 2476->2459 2484 6aeb75f-6aeb765 2478->2484 2485 6aeb76a-6aeb76d 2478->2485 2479->2437 2483 6aeb74f-6aeb755 2479->2483 2483->2478 2484->2485 2486 6aeb78f-6aeb792 2485->2486 2487 6aeb76f-6aeb78a 2485->2487 2490 6aeb794-6aeb79d 2486->2490 2491 6aeb7a2-6aeb7a5 2486->2491 2487->2486 2490->2491 2491->2466 2494 6aeb7ab-6aeb7ae 2491->2494 2497 6aeb7be-6aeb7c1 2494->2497 2498 6aeb7b0-6aeb7b9 2494->2498 2495->2482 2515 6aebc9c-6aebca6 2496->2515 2516 6aebabd-6aebac6 2496->2516 2500 6aeb7c9-6aeb7cc 2497->2500 2501 6aeb7c3-6aeb7c4 2497->2501 2498->2497 2500->2450 2503 6aeb7d2-6aeb7d5 2500->2503 2501->2500 2503->2440 2504 6aeb7db-6aeb7de 2503->2504 2504->2466 2505 6aeb7e4-6aeb7e7 2504->2505 2507 6aeb80e-6aeb811 2505->2507 2508 6aeb7e9-6aeb7ed 2505->2508 2510 6aeb818-6aeb81b 2507->2510 2511 6aeb813-6aeb815 2507->2511 2508->2437 2509 6aeb7f3-6aeb803 2508->2509 2509->2466 2526 6aeb809 2509->2526 2513 6aeb81d-6aeb821 2510->2513 2514 6aeb842-6aeb845 2510->2514 2511->2510 2513->2437 2518 6aeb827-6aeb837 2513->2518 2519 6aeb85c-6aeb85f 2514->2519 2520 6aeb847-6aeb84b 2514->2520 2521 6aebacc-6aebb38 call 6ae65b0 2516->2521 2522 6aebc92-6aebc97 2516->2522 2535 6aeb83d 2518->2535 2536 6aeb967-6aeb96b 2518->2536 2524 6aeb89e-6aeb8a1 2519->2524 2525 6aeb861-6aeb876 2519->2525 2520->2437 2523 6aeb851-6aeb857 2520->2523 2561 6aebb3e-6aebb43 2521->2561 2562 6aebc32-6aebc47 2521->2562 2522->2515 2523->2519 2528 6aeb8ab-6aeb8ae 2524->2528 2529 6aeb8a3-6aeb8a8 2524->2529 2525->2437 2538 6aeb87c-6aeb899 2525->2538 2526->2507 2533 6aeb8be-6aeb8c1 2528->2533 2534 6aeb8b0-6aeb8b7 2528->2534 2529->2528 2542 6aeb8c3-6aeb8cc 2533->2542 2543 6aeb8d1-6aeb8d4 2533->2543 2540 6aeb8b9 2534->2540 2541 6aeb8d6-6aeb8df 2534->2541 2535->2514 2536->2437 2539 6aeb971-6aeb981 2536->2539 2538->2524 2539->2508 2553 6aeb987 2539->2553 2540->2533 2544 6aeb8e4-6aeb8e7 2541->2544 2542->2543 2543->2541 2543->2544 2545 6aeb90a-6aeb90d 2544->2545 2546 6aeb8e9-6aeb905 2544->2546 2551 6aeb90f-6aeb95d call 6ae65b0 2545->2551 2552 6aeb962-6aeb965 2545->2552 2546->2545 2551->2552 2552->2536 2556 6aeb98c-6aeb98f 2552->2556 2553->2556 2556->2456 2556->2471 2565 6aebb5f 2561->2565 2566 6aebb45-6aebb4b 2561->2566 2562->2522 2567 6aebb61-6aebb67 2565->2567 2568 6aebb4d-6aebb4f 2566->2568 2569 6aebb51-6aebb53 2566->2569 2571 6aebb7c-6aebb89 2567->2571 2572 6aebb69-6aebb6f 2567->2572 2573 6aebb5d 2568->2573 2569->2573 2582 6aebb8b-6aebb91 2571->2582 2583 6aebba1-6aebbae 2571->2583 2575 6aebc1d-6aebc2c 2572->2575 2576 6aebb75 2572->2576 2573->2567 2575->2561 2575->2562 2576->2571 2577 6aebbe4-6aebbf1 2576->2577 2578 6aebbb0-6aebbbd 2576->2578 2591 6aebc09-6aebc16 2577->2591 2592 6aebbf3-6aebbf9 2577->2592 2588 6aebbbf-6aebbc5 2578->2588 2589 6aebbd5-6aebbe2 2578->2589 2585 6aebb95-6aebb97 2582->2585 2586 6aebb93 2582->2586 2583->2575 2585->2583 2586->2583 2594 6aebbc9-6aebbcb 2588->2594 2595 6aebbc7 2588->2595 2589->2575 2591->2575 2596 6aebbfd-6aebbff 2592->2596 2597 6aebbfb 2592->2597 2594->2589 2595->2589 2596->2591 2597->2591
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aa09b2071b30d52b340717390190604492484395342708db67e0fc86384517cc
                                              • Instruction ID: 7e1f5276485a4c7990074894bd64f769dcb8c3379dd35d9ecb5c93437c6937a4
                                              • Opcode Fuzzy Hash: aa09b2071b30d52b340717390190604492484395342708db67e0fc86384517cc
                                              • Instruction Fuzzy Hash: 79028F30E1020A8FDB64EF68D6986ADB7B2FB85310F10852AD455EF355DB74EC81CBA1
                                              Function 06AEACE8 Relevance: .4, Instructions: 403COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2601 6aeace8-6aead06 2602 6aead08-6aead0b 2601->2602 2603 6aead0d-6aead16 2602->2603 2604 6aead25-6aead28 2602->2604 2607 6aeaf1f-6aeaf29 2603->2607 2608 6aead1c-6aead20 2603->2608 2605 6aead2a-6aead2f 2604->2605 2606 6aead32-6aead35 2604->2606 2605->2606 2609 6aead49-6aead4c 2606->2609 2610 6aead37-6aead44 2606->2610 2616 6aeaf2b-6aeaf2d 2607->2616 2617 6aeaed1-6aeaed4 2607->2617 2608->2604 2612 6aeaf05-6aeaf0e 2609->2612 2613 6aead52-6aead55 2609->2613 2610->2609 2612->2603 2614 6aeaf14-6aeaf1e 2612->2614 2618 6aead57-6aead60 2613->2618 2619 6aead65-6aead68 2613->2619 2620 6aeaf2f-6aeaf31 2616->2620 2621 6aeaed5-6aeaed8 2616->2621 2617->2621 2618->2619 2622 6aead6a-6aead7d 2619->2622 2623 6aead82-6aead85 2619->2623 2624 6aeaed9-6aeaefb 2620->2624 2625 6aeaf33-6aeaf56 2620->2625 2621->2624 2622->2623 2626 6aeada8-6aeadab 2623->2626 2627 6aead87-6aeada3 2623->2627 2658 6aeaf02 2624->2658 2630 6aeaf58-6aeaf5b 2625->2630 2628 6aeadbc-6aeadbe 2626->2628 2629 6aeadad-6aeadb1 2626->2629 2627->2626 2637 6aeadc5-6aeadc8 2628->2637 2638 6aeadc0 2628->2638 2629->2614 2636 6aeadb7 2629->2636 2633 6aeaf7e-6aeaf81 2630->2633 2634 6aeaf5d-6aeaf79 2630->2634 2640 6aeaf83 call 6aeb23f 2633->2640 2641 6aeaf90-6aeaf93 2633->2641 2634->2633 2636->2628 2637->2602 2642 6aeadce-6aeadf2 2637->2642 2638->2637 2650 6aeaf89-6aeaf8b 2640->2650 2645 6aeb1fc-6aeb1ff 2641->2645 2646 6aeaf99-6aeafd4 2641->2646 2642->2658 2666 6aeadf8-6aeae07 2642->2666 2648 6aeb210-6aeb213 2645->2648 2649 6aeb201-6aeb205 2645->2649 2661 6aeafda-6aeafe6 2646->2661 2662 6aeb1c7-6aeb1da 2646->2662 2655 6aeb215-6aeb21f 2648->2655 2656 6aeb220-6aeb222 2648->2656 2649->2646 2654 6aeb20b 2649->2654 2650->2641 2654->2648 2659 6aeb229-6aeb22c 2656->2659 2660 6aeb224 2656->2660 2658->2612 2659->2630 2664 6aeb232-6aeb23c 2659->2664 2660->2659 2670 6aeafe8-6aeb001 2661->2670 2671 6aeb006-6aeb04a 2661->2671 2665 6aeb1dc 2662->2665 2668 6aeb1dd 2665->2668 2672 6aeae1f-6aeae5a call 6ae65b0 2666->2672 2673 6aeae09-6aeae0f 2666->2673 2668->2668 2670->2665 2686 6aeb04c-6aeb05e 2671->2686 2687 6aeb066-6aeb0a5 2671->2687 2689 6aeae5c-6aeae62 2672->2689 2690 6aeae72-6aeae89 2672->2690 2674 6aeae13-6aeae15 2673->2674 2675 6aeae11 2673->2675 2674->2672 2675->2672 2686->2687 2696 6aeb18c-6aeb1a1 2687->2696 2697 6aeb0ab-6aeb186 call 6ae65b0 2687->2697 2691 6aeae66-6aeae68 2689->2691 2692 6aeae64 2689->2692 2702 6aeae8b-6aeae91 2690->2702 2703 6aeaea1-6aeaeb2 2690->2703 2691->2690 2692->2690 2696->2662 2697->2696 2705 6aeae95-6aeae97 2702->2705 2706 6aeae93 2702->2706 2709 6aeaeca-6aeaecc 2703->2709 2710 6aeaeb4-6aeaeba 2703->2710 2705->2703 2706->2703 2709->2617 2712 6aeaebe-6aeaec0 2710->2712 2713 6aeaebc 2710->2713 2712->2709 2713->2709
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9f684c31bf5eb9d03904917fc5d2244e07b425f276cb2047ed3e48ab05afa1ad
                                              • Instruction ID: 1eb700ad4a7c1be7340589ad50b4a65bb5b60c9516de3f1fea86d9f201451471
                                              • Opcode Fuzzy Hash: 9f684c31bf5eb9d03904917fc5d2244e07b425f276cb2047ed3e48ab05afa1ad
                                              • Instruction Fuzzy Hash: 12E17070E1021A8FDF58EBA8D5946AEB7F2FF89300F208529D506EB354DB759C42CB90
                                              Function 06AE9160 Relevance: .2, Instructions: 231COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b1e4b02802b390b67cb3d4a301718af589db754d27ccc44acaf3405c3c5137d6
                                              • Instruction ID: 63f608b469616d060d34839043753a65ffb90c281d291a1d3d271ba0ce19aa00
                                              • Opcode Fuzzy Hash: b1e4b02802b390b67cb3d4a301718af589db754d27ccc44acaf3405c3c5137d6
                                              • Instruction Fuzzy Hash: 3C913D74B0065A8FDB54EF68D990BAFB7B6BFC5200F108569C809AB344EA749D418B91
                                              Function 06AE6200 Relevance: .2, Instructions: 229COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: daa81096e10bb5afe55b5175e4ae01236540598a1850aab76b7079495eb934eb
                                              • Instruction ID: d0d702e1e389277a52a3e149f388233be252e847a19c85ce392346c0833fbb97
                                              • Opcode Fuzzy Hash: daa81096e10bb5afe55b5175e4ae01236540598a1850aab76b7079495eb934eb
                                              • Instruction Fuzzy Hash: 7861B471F001224BDF54AB6DD84455FBAD7AFE4210B15447AD90ADB364DEA5EC0287C1
                                              Function 06AE42B9 Relevance: .2, Instructions: 223COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 543f9c0cfba2d4554b6cbfc822ae6aadea30b358c0c5282cb8b96d565eefdb09
                                              • Instruction ID: 0cda9c763aca4239f811815b8091cdbfa4e6162666df72dfe3e068a6de899c24
                                              • Opcode Fuzzy Hash: 543f9c0cfba2d4554b6cbfc822ae6aadea30b358c0c5282cb8b96d565eefdb09
                                              • Instruction Fuzzy Hash: 0F812A74B0124A8FDB54EFA9D4546AEB7F6EFC9300F108529D50AEB384EB74DC428B91
                                              Function 06AE45D8 Relevance: .2, Instructions: 220COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: df7e4d330bc6632e9c0666d7bd73069392d40f8e8c1a804bfb880b976a438773
                                              • Instruction ID: acb13be0a047363decf6e5f995e28bf2cacb6c8fe20f3c32f02921f708072ecb
                                              • Opcode Fuzzy Hash: df7e4d330bc6632e9c0666d7bd73069392d40f8e8c1a804bfb880b976a438773
                                              • Instruction Fuzzy Hash: AD915E30E1065A8FDF64DF64C890B9DBBB1FF89300F208599D549BB241DB70AA85CF91
                                              Function 06AE45F0 Relevance: .2, Instructions: 210COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 41071862b634676fef62aa3fd04dffe457cad547bdfe9edca97bb5e154f85329
                                              • Instruction ID: eec295bf46ede7ff0612f0f95a6f75aa32b43136211903e498a1f4bc86b82eef
                                              • Opcode Fuzzy Hash: 41071862b634676fef62aa3fd04dffe457cad547bdfe9edca97bb5e154f85329
                                              • Instruction Fuzzy Hash: 4F913E34E1061A8BDF64DF68C880B9DB7B1FF89314F208599D549BB345EB70AA85CF90
                                              Function 06AEEF20 Relevance: .2, Instructions: 201COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 64c7d2f19f6752081b3e44ffe25171bce527e3cafde066eb19de64f6dbe3b207
                                              • Instruction ID: 1944749faf5665b10c83b86f6433181db96aee7ba6d3c3f3ba972205150f90a3
                                              • Opcode Fuzzy Hash: 64c7d2f19f6752081b3e44ffe25171bce527e3cafde066eb19de64f6dbe3b207
                                              • Instruction Fuzzy Hash: 7C713C70A002499FDB58EBA9D980AAEBBF6FF88300F158469D415EB355DB74EC42CB50
                                              Function 06AEEF30 Relevance: .2, Instructions: 201COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 61a0ab4aacba54259d2117a217c22508241b6f6fe8f1ec168ef61da49fcd2101
                                              • Instruction ID: 76040bed14fa7ecabf8515dd251e94c7c32092b45e7577ec7d9cb1a49a673a22
                                              • Opcode Fuzzy Hash: 61a0ab4aacba54259d2117a217c22508241b6f6fe8f1ec168ef61da49fcd2101
                                              • Instruction Fuzzy Hash: 28714C70A002499FDB58EFA9D980AAEBBF6FF88300F148469D015EB355DB74EC42CB50
                                              Function 06AE4B88 Relevance: .2, Instructions: 186COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bd09a3406e83543be264f07e3a24ff5e529dc06296473137aa1a4e6592d295cf
                                              • Instruction ID: 5f0d6e024b9c00864d455c9461c58ef2b5c5b888cf95a5a968cd72b79d5e9d59
                                              • Opcode Fuzzy Hash: bd09a3406e83543be264f07e3a24ff5e529dc06296473137aa1a4e6592d295cf
                                              • Instruction Fuzzy Hash: A5618E75E002199FEF54EBA9D8587AEBBF6FB88300F208429D106AB395DB754C458B90
                                              Function 06AEFC89 Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3906481d3af21f7bf40179951d6bdcf3b34f5b803a773925d032fd644b6cce4
                                              • Instruction ID: 1e7973194c66c973e2ea99972612fe6bbf93dd5966d5a143f413a088b1fcdb62
                                              • Opcode Fuzzy Hash: a3906481d3af21f7bf40179951d6bdcf3b34f5b803a773925d032fd644b6cce4
                                              • Instruction Fuzzy Hash: E451E131F005099FDF64FBB8E4946AEBBB2FB85215F20886AE106DB241DB319C45CB90
                                              Function 06AEFA3B Relevance: .2, Instructions: 172COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e7d723a17885472ffeabae7e1eeca0f6ddd6098b80e3bf384d45e40c45e4cf49
                                              • Instruction ID: 4c18d6ebbf01221c50cfd685253ba519f1559ac5909d797c13faaea6659bc7f9
                                              • Opcode Fuzzy Hash: e7d723a17885472ffeabae7e1eeca0f6ddd6098b80e3bf384d45e40c45e4cf49
                                              • Instruction Fuzzy Hash: 9C517530F10209DFEF6467B8D86476F7A5AD7C9350F20442AE50ACF396CAA8CC4147A1
                                              Function 06AE915F Relevance: .2, Instructions: 164COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ded3d47b86bb9380b1a82b606e811209d66116cb641511845dc2af8e44f28e07
                                              • Instruction ID: 7c7daad71b0458cdf4a14dc67cbbf680489605fa53ba7abe41c1b4e40b238ea8
                                              • Opcode Fuzzy Hash: ded3d47b86bb9380b1a82b606e811209d66116cb641511845dc2af8e44f28e07
                                              • Instruction Fuzzy Hash: AD510D74B012468FDB55EB78E990BAF77F6FBC5240F148579C50AEB384EA349C018B90
                                              Function 06AEFA48 Relevance: .2, Instructions: 163COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 367fd308c223aef49e50faf64e2cd9b879718dddbeef9dfcf1c12b6b71722f12
                                              • Instruction ID: 52848b2b36b1035ac7c714ea7e2a028339043f9387225b75971b3fed22b7fe33
                                              • Opcode Fuzzy Hash: 367fd308c223aef49e50faf64e2cd9b879718dddbeef9dfcf1c12b6b71722f12
                                              • Instruction Fuzzy Hash: 43515230F20209DFEF6467A8D864B6F7A5AD7C9750F20442AD50ACB796CAA8CC4147A2
                                              Function 06AE9153 Relevance: .1, Instructions: 148COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9e4ce1f7bc637f6dafa38aac6f39e1195cc47dc34f983b08e59cc2182b1177ba
                                              • Instruction ID: 50e63f7be9a1a8002174239354544851f5bac25085314a6682806ecf2debe90a
                                              • Opcode Fuzzy Hash: 9e4ce1f7bc637f6dafa38aac6f39e1195cc47dc34f983b08e59cc2182b1177ba
                                              • Instruction Fuzzy Hash: FC510C74B012468FDB95EB78D990AAF77F6BFC9240F148579C409EB348EA34DC418B91
                                              Function 06AE4B78 Relevance: .1, Instructions: 130COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c6cf6281782c0f45c32300c6a6943388760a4e98b2a7ee9d1816bdc3bd37f80a
                                              • Instruction ID: a2db46e4a1caddba2a36fd3a58621d215b274a681d701ace2fafee1009360d66
                                              • Opcode Fuzzy Hash: c6cf6281782c0f45c32300c6a6943388760a4e98b2a7ee9d1816bdc3bd37f80a
                                              • Instruction Fuzzy Hash: 89416075A002199FEB55DBA9C854B9EBBF7FF88300F208529E105AB395DB754C018B90
                                              Function 06AE5431 Relevance: .1, Instructions: 130COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 25d81f49f30d02bd27e25f17f934ff34352cdc6562558f7c2fed7165aa0c6667
                                              • Instruction ID: 1c6b81524013316c32241fed77ea9cb44f1ed558528c9be53329d72a9fd5863b
                                              • Opcode Fuzzy Hash: 25d81f49f30d02bd27e25f17f934ff34352cdc6562558f7c2fed7165aa0c6667
                                              • Instruction Fuzzy Hash: 65415C31E006099FDF60DF99E980AAFBBB2FB84314F10492AD256DB650D331E9558BA0
                                              Function 06AEDACD Relevance: .1, Instructions: 125COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ed3f124e7bf45d4db040f73497aaa12cb0c20bf354ca426a5fd5d605a3640112
                                              • Instruction ID: 6ad62f9a0b0e9d16be993ad2a128ac208714d10ad0d0619d1997b893353037a6
                                              • Opcode Fuzzy Hash: ed3f124e7bf45d4db040f73497aaa12cb0c20bf354ca426a5fd5d605a3640112
                                              • Instruction Fuzzy Hash: 80418E30E0030ADFDB65FFA5D4846AEBBB2FF85344F20452AE416DB245EB749942CB91
                                              Function 06AE2200 Relevance: .1, Instructions: 105COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef443e0efa16d55509bc3e019303cc411dce9a2c8d1c96c61fea9eaf80ab0f9f
                                              • Instruction ID: c39e91449f2b5d15bdc72a1e2a1dd1544219fb64561ad4e5c6ff9051c161bcda
                                              • Opcode Fuzzy Hash: ef443e0efa16d55509bc3e019303cc411dce9a2c8d1c96c61fea9eaf80ab0f9f
                                              • Instruction Fuzzy Hash: C931CB30B102068FEB59AB78D45876F7BABABC9304F244578D406DB385EE35CE42CB90
                                              Function 06AED980 Relevance: .1, Instructions: 105COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0793899df59329adc397abdf06511c1c78138cf4987246dd011252f2a9332088
                                              • Instruction ID: 8983729b0c28dc6f11ad5fdcb0fe0908b07c59de2904b400f7834220bda2e157
                                              • Opcode Fuzzy Hash: 0793899df59329adc397abdf06511c1c78138cf4987246dd011252f2a9332088
                                              • Instruction Fuzzy Hash: 6B31A930A1070A9BDF24EF69D94069EBBB6FF85304F104529E505EF700DBB1A946CB90
                                              Function 06AE20B0 Relevance: .1, Instructions: 99COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 049de0b83539d0d9add8033cb8de4aa4371ae33047d626e4dc5ec869250f356d
                                              • Instruction ID: 2d3e721c854a13ea2eddda59b0078f7db985177e95960f55f77562f8440d0dc3
                                              • Opcode Fuzzy Hash: 049de0b83539d0d9add8033cb8de4aa4371ae33047d626e4dc5ec869250f356d
                                              • Instruction Fuzzy Hash: 51317E30E10206DFDB59EFA4D85479EB7B6BF89300F108529E906EB740DB71AE82CB50
                                              Function 06AE20C0 Relevance: .1, Instructions: 91COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 51b94ec1c22a401ba0513fdc662b71b07a600e3d606f82503296e880e25c8474
                                              • Instruction ID: a700a422d45d84fee55d20aef4a0ac95d4e4f1313bb8e6a4637fac9c6076b8da
                                              • Opcode Fuzzy Hash: 51b94ec1c22a401ba0513fdc662b71b07a600e3d606f82503296e880e25c8474
                                              • Instruction Fuzzy Hash: 7B317E30E106099FDB59EFA4D85479EB7B6FF89300F108529E906EB340DB71AE46CB50
                                              Function 06AE3EC0 Relevance: .1, Instructions: 84COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b5ee936342594e039f9ce52934b220d2643ae6a371e3fb1e78e69c954e82475
                                              • Instruction ID: ec7a790bf4465fe6b8e078b451be61746c7fdeb739a60ed6c597e2fb716ed31f
                                              • Opcode Fuzzy Hash: 1b5ee936342594e039f9ce52934b220d2643ae6a371e3fb1e78e69c954e82475
                                              • Instruction Fuzzy Hash: 32215AB5E112159FEF50DFA9D940AAEBBF5EB88210F148029E905EB380E738DD418B90
                                              Function 011FD006 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4583881831.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_11fd000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cac6bef4c66ebfce3e0cb52c080b59359bc2d92d8794f11fb9a31c702300c053
                                              • Instruction ID: ea2f4ef94818c3cbb3b07131052e2686f18803f898c8c24e9842821636f0cdc2
                                              • Opcode Fuzzy Hash: cac6bef4c66ebfce3e0cb52c080b59359bc2d92d8794f11fb9a31c702300c053
                                              • Instruction Fuzzy Hash: 4031577550D3C49FCB07CB64D990715BF71AB46214F29C5EBD9898F2A3C33A980ACB62
                                              Function 06AE3ED0 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 41735ad931cf1e7cf5a5cc0fa94b37c2d6151cc0c8b0ebdd17a8e016fef2a7c5
                                              • Instruction ID: cddef9540689256569404ec46e72aa762d84f34ed7f756f53498e4c5076d4f92
                                              • Opcode Fuzzy Hash: 41735ad931cf1e7cf5a5cc0fa94b37c2d6151cc0c8b0ebdd17a8e016fef2a7c5
                                              • Instruction Fuzzy Hash: 202157B5E112159FEB50DFA9D980AAEB7F5EB88210F148039E905EB380E738DD408B90
                                              Function 06AE55B0 Relevance: .1, Instructions: 77COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63a892e8fab94f8dbbfcf05b4a897b020ad230cfdf2c446b3fa74fd877bc8c87
                                              • Instruction ID: 45a757c594fe12041e5203a5d7a92ed3548084df3735ca5b386a343e080c0129
                                              • Opcode Fuzzy Hash: 63a892e8fab94f8dbbfcf05b4a897b020ad230cfdf2c446b3fa74fd877bc8c87
                                              • Instruction Fuzzy Hash: E821EB31E102058FEF709FA9D8807AFBBB1EB89324F24493ED159DB281D636D941CB91
                                              Function 06AE6D19 Relevance: .1, Instructions: 77COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4bab9993d78d7a88853fbafdbfd87dea2ebf846254b5e7154afaab2e2e4e56d4
                                              • Instruction ID: 5dfcb983b71a15ac261ec736cc352c4af27ae1876ad741d634bdf31cf802ce36
                                              • Opcode Fuzzy Hash: 4bab9993d78d7a88853fbafdbfd87dea2ebf846254b5e7154afaab2e2e4e56d4
                                              • Instruction Fuzzy Hash: 4E218E35B111199BDF94EBA8E990B9EBBF6FF84310F245829D405EB341EB31DD418B90
                                              Function 011FD1F8 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4583881831.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_11fd000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 787b214de2fa14dd7f6d1eaab5d4c4f176135e947569e342a93818ac0c8ec71b
                                              • Instruction ID: 38d4c1a92e46e35ab576f32e091c65920e95bc12ea095c4600ca193b54e28700
                                              • Opcode Fuzzy Hash: 787b214de2fa14dd7f6d1eaab5d4c4f176135e947569e342a93818ac0c8ec71b
                                              • Instruction Fuzzy Hash: C52104BA504244DFDF19DF94E9C0B3ABB65FB84334F24C56DEA090B246C376D406CAA2
                                              Function 011FD3A8 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4583881831.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_11fd000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d7edb8c5cb4ecb22c679b276007600606b2cc8257fa4c922f84882f4f1688a02
                                              • Instruction ID: bf22769a6ec9801159fcb5d9dbb37a905022ce0c0ab5453ee7dfd4325dc9f63d
                                              • Opcode Fuzzy Hash: d7edb8c5cb4ecb22c679b276007600606b2cc8257fa4c922f84882f4f1688a02
                                              • Instruction Fuzzy Hash: 072122B5604204EFDF09DF54E5C0B36BBA5FB84314F20C5ADDA094B652C776E846CA62
                                              Function 011FD030 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4583881831.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_11fd000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dda9a3092c901ca9a849ee40075c598bf31889487fb929feb76e09f262ad5f61
                                              • Instruction ID: a35cf49d97348088cfcf03b7614beea26c7409c32b7659295202db48408ec631
                                              • Opcode Fuzzy Hash: dda9a3092c901ca9a849ee40075c598bf31889487fb929feb76e09f262ad5f61
                                              • Instruction Fuzzy Hash: A2212271604204EFDF19DF54E9C0B36BBA1FB84314F24C56DDA0A4B292C77AD447CA62
                                              Function 06AE6D28 Relevance: .1, Instructions: 68COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3fd4d4a10fcd95d2c50d03e23c6952755900ffc4836b706eeb1f8faa00dc73f6
                                              • Instruction ID: 15a5efad8788987691ee6fa0901d21241a63facd04dba9b5ea0fa65d87c9257c
                                              • Opcode Fuzzy Hash: 3fd4d4a10fcd95d2c50d03e23c6952755900ffc4836b706eeb1f8faa00dc73f6
                                              • Instruction Fuzzy Hash: BA21A231B101199BDF84EB68E990B9EB7F6FB84310F208839D405EB340EB31ED018B80
                                              Function 06AEAF38 Relevance: .1, Instructions: 67COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d448e1b00d6f663ef87c58c009c44f3d1e1d4de2aa5a3ac89fcbc67fdfd71486
                                              • Instruction ID: 3559132617cbed59cca6e3b1d62f087a1a186544e1a76142d13069c78bc2d9ce
                                              • Opcode Fuzzy Hash: d448e1b00d6f663ef87c58c009c44f3d1e1d4de2aa5a3ac89fcbc67fdfd71486
                                              • Instruction Fuzzy Hash: 67215E71D1075A9BCF65DFA9C95469EBBB5FF85310F10892AE805FF200DB70A845CB90
                                              Function 06AE3FE0 Relevance: .1, Instructions: 59COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 537231e0463178435cb6f81f8cd28dbc3ac4814bc1250f4e5d82a7cfab9af1ab
                                              • Instruction ID: 9d9768b702a48181a33ea36f8d3e8c7d2b62ec8ef08412e874049193d9df3ce8
                                              • Opcode Fuzzy Hash: 537231e0463178435cb6f81f8cd28dbc3ac4814bc1250f4e5d82a7cfab9af1ab
                                              • Instruction Fuzzy Hash: A0115E35B001258FDF54AA78D8546AF73FAEBC8211B04493AD506EB344EE69DC018BD1
                                              Function 06AE421B Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 60839f0ef37b3b7b7b7f34f27145696b8a451898751983aa9de7f0860cd6378d
                                              • Instruction ID: f9d6f3ce883cb33ea7f1568507b93f8eb1a44454c0def8291142d6adf5c596e1
                                              • Opcode Fuzzy Hash: 60839f0ef37b3b7b7b7f34f27145696b8a451898751983aa9de7f0860cd6378d
                                              • Instruction Fuzzy Hash: A101F130B101510FDB65A6AC981476BB7EADBCA710F15846AE50ACB341E964CC024391
                                              Function 06AEA318 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1fc264695c34c8dd3ce0b753ca3d03fe213da6decdaae5347b0e789663beca81
                                              • Instruction ID: 117dedfef9c0ef782692db32aa895006c55860effc6b0cb628d39eaae5052084
                                              • Opcode Fuzzy Hash: 1fc264695c34c8dd3ce0b753ca3d03fe213da6decdaae5347b0e789663beca81
                                              • Instruction Fuzzy Hash: 7D01B174B103150FDF65EB78985075B7BE6EB86714F108839E20ACF341DE15DC028391
                                              Function 06AE3FD0 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5084cc6244d6ced8dc4bde6cc01e545324a09a2dde0b2696f0f490d7935a6d26
                                              • Instruction ID: 52cc4cc5273cddcfb94e437fb031047bd0dfb83a6547ce7fe006ceef42de9f11
                                              • Opcode Fuzzy Hash: 5084cc6244d6ced8dc4bde6cc01e545324a09a2dde0b2696f0f490d7935a6d26
                                              • Instruction Fuzzy Hash: F201B136B100155BDF64AA789C51AEF77EFEFC8210F040439D406EB680EE28DC0147E2
                                              Function 06AEF1A1 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c4150f2e25d0c148d9238a6699861f166381d6dcbc491a8071694dfcaa0828c5
                                              • Instruction ID: a2ad59a189dc493936307eae2fbb1940c9f6d58175b7e33ec81cf14ed31fce25
                                              • Opcode Fuzzy Hash: c4150f2e25d0c148d9238a6699861f166381d6dcbc491a8071694dfcaa0828c5
                                              • Instruction Fuzzy Hash: ED01D435B005045FDB65E6ACE850B6B77DAFBC5710F10882DE60ACB340EE52DC0243D1
                                              Function 011FD1F3 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4583881831.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_11fd000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ecf76333c4857edb0cae155a2ed822a1bfe38db2c40391184a4fb299c42cee64
                                              • Instruction ID: fa062f0fc1990b5bfbe29b3169158dc157f0fcdb395838d2c5e42b965c73feb9
                                              • Opcode Fuzzy Hash: ecf76333c4857edb0cae155a2ed822a1bfe38db2c40391184a4fb299c42cee64
                                              • Instruction Fuzzy Hash: 9B11907A504284CFDB16CF54E5C4B25BB61FB84324F24C6AED9494B656C33AD406CB92
                                              Function 011FD3A3 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4583881831.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_11fd000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction ID: b1d6fe76304e6db0ef34d7614397bb9c85d3361aa80d6e7dc734d2ef00ceeb04
                                              • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                              • Instruction Fuzzy Hash: CC11BEB5504280CFCB06CF54D5C4B65BB61FB84314F24C6AEDA494BA66C33AE44ACB52
                                              Function 06AE38A0 Relevance: .1, Instructions: 52COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2b74703f9fff668d58bae2fd2d9195674b1c5b879bc11b9959d4048617d5781a
                                              • Instruction ID: 655e4f6e978113bc6967231e7e2695ef1fb863ee264e9693af8a33368ef94d78
                                              • Opcode Fuzzy Hash: 2b74703f9fff668d58bae2fd2d9195674b1c5b879bc11b9959d4048617d5781a
                                              • Instruction Fuzzy Hash: 0E11D3B1D01259AFCB00DF9AD984ADEFBB4FB48310F10812AE918B7300D374A554CFA5
                                              Function 06AE3898 Relevance: .1, Instructions: 52COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc50bbc462909a7f03f381c2fcfb1f4d9dd51f0e2c16d10a0109d9e7c4b562c9
                                              • Instruction ID: d610e3be61eb9282ac65e51d7ace1d3c77807d6b56cb92b48ce811b2c323832a
                                              • Opcode Fuzzy Hash: fc50bbc462909a7f03f381c2fcfb1f4d9dd51f0e2c16d10a0109d9e7c4b562c9
                                              • Instruction Fuzzy Hash: E021C2B1D01259AFDB10DF9AD984ADEFBB4FF48310F10815AE918B7201C374A554CFA5
                                              Function 06AE4228 Relevance: .1, Instructions: 51COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 95a9f7fb4827160fe201e09221b46c8cafe88aa9d4bff3bfb3f2972c44fda5d5
                                              • Instruction ID: d6815a5de1f7d49606fbbbdbd5a462fc781628415804a668eb609255d7f00e74
                                              • Opcode Fuzzy Hash: 95a9f7fb4827160fe201e09221b46c8cafe88aa9d4bff3bfb3f2972c44fda5d5
                                              • Instruction Fuzzy Hash: BA018C31B101110BEBA8E6AD941472BB3DBEBD9B24F24883DE50ECB344EE65DC024391
                                              Function 06AEF1B0 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b88f8f596fafe6c8039d7ea22609a6093ec730066167de2ebfdabe594b510a24
                                              • Instruction ID: 2444dbbf1346e9e2c895c108a3c4716d7a4e3b9e43d678128a90223c985f1b22
                                              • Opcode Fuzzy Hash: b88f8f596fafe6c8039d7ea22609a6093ec730066167de2ebfdabe594b510a24
                                              • Instruction Fuzzy Hash: 6F018C35B005154FEB69E6ACE85472E72DAEBC9620F10883DE60ACB340EE26DC024391
                                              Function 06AEA328 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d5c961bf2c29cd276ed9563c112f1f272572bbc91eaeba3c96cff070db37b143
                                              • Instruction ID: 8cebf4ed9532fcf579178029ae95718512861cb5e95190e986cc3a93f8b27a48
                                              • Opcode Fuzzy Hash: d5c961bf2c29cd276ed9563c112f1f272572bbc91eaeba3c96cff070db37b143
                                              • Instruction Fuzzy Hash: 07011D75B106154BDBA5EB78D45471FB7D6EBC9710F108838E60ADB340EE25EC028780
                                              Function 06AEC7E8 Relevance: .0, Instructions: 33COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1888b4e1b13db7f311ea22468c4281f2c422f107401568eccee83810a36a3676
                                              • Instruction ID: a8fd2a5d8292895aa1189da83b144b96c2a80f2e5616a05a3f7c187b10477eb8
                                              • Opcode Fuzzy Hash: 1888b4e1b13db7f311ea22468c4281f2c422f107401568eccee83810a36a3676
                                              • Instruction Fuzzy Hash: 33F0A732E2122897DB146A69DC009AAB77AE784264F004435ED11AB240DA356C0187C0
                                              Function 06AE8306 Relevance: .0, Instructions: 30COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 54bc1c85032dee987849b705eec3dafedcc2abd15e03688445574410e32770ab
                                              • Instruction ID: 0fe4dce97bff02e195e94152636480a70605eec2992b81fea0a40cded8c4b4fd
                                              • Opcode Fuzzy Hash: 54bc1c85032dee987849b705eec3dafedcc2abd15e03688445574410e32770ab
                                              • Instruction Fuzzy Hash: 12F0ED36B00203CFEF64BF95AA802A9F3B8EB80251F140472CC00DB102D23CDE01CB91
                                              Function 06AE6481 Relevance: .0, Instructions: 28COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000E.00000002.4603623757.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_14_2_6ae0000_RvUJzKx.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3cd15c45c66af1163b494d65b33b4c3bc96f3a1e2dc561687e925b6c0005ed7b
                                              • Instruction ID: f600492f6f555294e9a23b17e6a16a782b31bcdeda0f293a092301b88e376e28
                                              • Opcode Fuzzy Hash: 3cd15c45c66af1163b494d65b33b4c3bc96f3a1e2dc561687e925b6c0005ed7b
                                              • Instruction Fuzzy Hash: 11E0D871E202087BDF50EE70CA45B5B775DD742314F208CA2E404DF202F536C9414791