Windows Analysis Report
rPO_CW00402902400429.exe

Overview

General Information

Sample name: rPO_CW00402902400429.exe
Analysis ID: 1518185
MD5: a95188ad665b3b47e8f51ef7f0b9febc
SHA1: b6dc86a86e20ad925f96cb3e6d192833df5bb800
SHA256: 169f892590fa77d8ab87886ab133ed61389f5d21c8830cbc3941785e55685166
Tags: exe, user-Porcupine

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • rPO_CW00402902400429.exe (PID: 2056 cmdline: "C:\Users\user\Desktop\rPO_CW00402902400429.exe" MD5: A95188AD665B3B47E8F51EF7F0B9FEBC)
    • AddInProcess32.exe (PID: 2340 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" MD5: 9827FF3CDF4B83F9C86354606736CA9C)
    • InstallUtil.exe (PID: 5368 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • CasPol.exe (PID: 4824 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • CasPol.exe (PID: 2952 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • WerFault.exe (PID: 4300 cmdline: C:\Windows\system32\WerFault.exe -u -p 2056 -s 1032 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.visiontrade.ae", "Username": "ishaq@visiontrade.ae", "Password": "         ,,.Ishaq2021           ,,"}
Source | Rule | Description | Author
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author
00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.3906035559.0000000003671000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000002.3906035559.0000000003671000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
4.2.CasPol.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
4.2.CasPol.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
4.2.CasPol.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
  • 0x357c2:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x35834:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x358be:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x35950:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x359ba:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x35a2c:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x35ac2:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x35b52:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.rPO_CW00402902400429.exe.229b4fbd068.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.rPO_CW00402902400429.exe.229b4fbd068.1.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

                      System Summary

                      Source: Network Connection | Author: frack113 | Data: DestinationIp: 192.185.35.35, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Initiated: true, ProcessId: 4824, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49706

                      AV Detection

                      Source: 4.2.CasPol.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.visiontrade.ae", "Username": "ishaq@visiontrade.ae", "Password": " ,,.Ishaq2021 ,,"}
                      Source: rPO_CW00402902400429.exe | ReversingLabs: Detection: 44%
                      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: rPO_CW00402902400429.exe | Joe Sandbox ML: detected

                      Exploits

                      Source: Yara match | File source: 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: rPO_CW00402902400429.exe PID: 2056, type: MEMORYSTR
                      Source: rPO_CW00402902400429.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Networking

                      barindex
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49710 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.8:49706 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49706 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49706 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49706 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49706 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49710 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49717 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49719 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49710 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49710 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49725 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49721 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49727 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49718 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49719 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49719 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49719 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49725 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49725 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49725 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49722 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49717 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49717 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49717 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49728 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49727 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49727 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49727 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49730 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49721 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49721 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49721 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49728 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49728 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49728 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49732 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49730 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49730 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49730 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49724 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49732 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49732 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49732 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49731 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49718 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49718 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49720 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49718 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49722 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49722 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49722 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49720 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49720 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49720 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49731 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49731 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49731 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49724 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49724 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49724 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49716 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49716 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49716 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49716 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49733 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49733 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2839723 - Severity 1 - ETPRO MALWARE Win32/Agent Tesla SMTP Activity : 192.168.2.8:49733 -> 192.185.35.35:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49733 -> 192.185.35.35:587
                      Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
                      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic | DNS traffic detected: DNS query: mail.visiontrade.ae
                      Source: CasPol.exe, 00000004.00000002.3906035559.0000000003A56000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003875000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.00000000037E9000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003721000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003973000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003903000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003B3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.visiontrade.ae
                      Source: Amcache.hve.8.dr | String found in binary or memory: http://upx.sf.net
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Windows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Window created: window name: CLIPBRDWNDCLASS

                      System Summary

                      Source: 4.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.rPO_CW00402902400429.exe.229b4fbd068.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.rPO_CW00402902400429.exe.229b4f2b420.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: initial sampleStatic PE information: Filename: rPO_CW00402902400429.exe
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeCode function: 0_2_00007FFB4B2BE35A NtUnmapViewOfSection,0_2_00007FFB4B2BE35A
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2056 -s 1032
                      Source: rPO_CW00402902400429.exeStatic PE information: No import functions for PE file found
                      Source: rPO_CW00402902400429.exe, 00000000.00000000.1426326805.00000229A2CE2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameTransponer.exe6 vs rPO_CW00402902400429.exe
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAgitobewiquqeqixot@ vs rPO_CW00402902400429.exe
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename0641d325-ae21-4008-b8fc-830a2a367929.exe4 vs rPO_CW00402902400429.exe
                      Source: rPO_CW00402902400429.exeBinary or memory string: OriginalFilenameTransponer.exe6 vs rPO_CW00402902400429.exe
                      Source: 4.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.rPO_CW00402902400429.exe.229b4fbd068.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.rPO_CW00402902400429.exe.229b4f2b420.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@10/5@1/1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMutant created: NULL
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2056
                      Source: C:\Windows\System32\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\d94a4230-5e84-424f-b3df-8466782a400eJump to behavior
                      Source: rPO_CW00402902400429.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: rPO_CW00402902400429.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: rPO_CW00402902400429.exeReversingLabs: Detection: 44%
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeFile read: C:\Users\user\Desktop\rPO_CW00402902400429.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\rPO_CW00402902400429.exe "C:\Users\user\Desktop\rPO_CW00402902400429.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: rPO_CW00402902400429.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: rPO_CW00402902400429.exeStatic file information: File size 1148447 > 1048576
                      Source: rPO_CW00402902400429.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdb` source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: System.ni.pdbRSDS source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: System.Core.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdbH source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: System.ni.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: System.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: System.Core.ni.pdbRSDS source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: System.Core.ni.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WER5D13.tmp.dmp.8.dr
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeCode function: 0_2_00007FFB4B370000 push esp; retf 4810h0_2_00007FFB4B370312
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_069AC2F0 push es; ret 4_2_069AC300
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_08C404B3 push eax; ret 4_2_08C404B9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_08C404BB push es; ret 4_2_08C404C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_08C47DD1 push es; ret 4_2_08C47DE0
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exe, Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match, File source: Process Memory Space: rPO_CW00402902400429.exe PID: 2056, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe, Memory allocated: 229A3030000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe, Memory allocated: 229BCAC0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Memory allocated: 3120000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Memory allocated: 3670000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Memory allocated: 3160000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1200000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199874
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199765
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199656
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199546
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199437
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199328
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199219
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1199094
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198984
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198875
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198765
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198656
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198546
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198437
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198328
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Thread delayed: delay time: 1198218
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Window / User API: threadDelayed 2031
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, Window / User API: threadDelayed 7815
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -30437127721620741s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -100000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99888s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99781s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99672s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99562s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99452s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99343s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99234s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99124s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99015s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98847s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98672s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98558s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98453s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98343s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98234s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98125s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98015s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99938s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99813s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99688s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99563s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99438s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99328s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99219s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -99094s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98985s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98860s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98722s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98594s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98484s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98365s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -98235s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1200000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199874s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199765s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199656s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199546s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199437s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199328s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199219s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1199094s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198984s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198875s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198765s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198656s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198546s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198437s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198328s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 636, Thread sleep time: -1198218s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 100000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99888
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99781
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99672
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99562
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99452
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99343
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99234
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99124
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99015
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98847
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98672
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98558
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98453
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98343
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98234
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98125
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98015
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99938
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99813
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99688
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99563
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99438
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99328
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99219
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 99094
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98985
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98860
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98722
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98594
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98484
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98365
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 98235
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1200000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199874
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199765
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199656
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199546
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199437
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199328
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199219
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1199094
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198984
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198875
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198765
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198656
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198546
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198437
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198328
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread delayed: delay time: 1198218
                      Source: Amcache.hve.8.dr Binary or memory string: VMware
                      Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin
                      Source: Amcache.hve.8.dr Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
                      Source: Amcache.hve.8.dr Binary or memory string: VMware, Inc.
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: Amcache.hve.8.dr Binary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.8.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.8.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.8.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.8.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: CasPol.exe, 00000004.00000002.3908763466.0000000004878000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.00000000047D8000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.00000000047F8000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.0000000004798000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.0000000004738000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.00000000047B8000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.00000000038B5000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.0000000004838000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.0000000004778000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3908763466.0000000004858000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003B19000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: cMSQxQFZVlULks+0blGDwWYdOO4uTXX2rUL2dhH9jlaVBJFbKsm11IDHgFsZzyc1aEcY
                      Source: Amcache.hve.8.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
                      Source: Amcache.hve.8.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.8.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: CasPol.exe, 00000004.00000002.3910831782.0000000006710000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: Amcache.hve.8.dr Binary or memory string: vmci.sys
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                      Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin`
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                      Source: Amcache.hve.8.dr Binary or memory string: \driver\vmci,\driver\pci
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: Amcache.hve.8.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.8.dr Binary or memory string: VMware20,1
                      Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.8.dr Binary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.8.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.8.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.8.dr Binary or memory string: VMware PCI VMCI Bus Device
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: rPO_CW00402902400429.exe, 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: Amcache.hve.8.dr Binary or memory string: VMware VMCI Bus Device
                      Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual RAM
                      Source: Amcache.hve.8.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: Amcache.hve.8.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Process queried: DebugPort
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: rPO_CW00402902400429.exe, --.cs Reference to suspicious API methods: LoadLibrary(_0606_065B_06E4(_FDCB_FDFF_FDEF_FDDD_FDCB_061D_0670._06FD_FBCA_FDC9))
                      Source: rPO_CW00402902400429.exe, --.cs Reference to suspicious API methods: GetProcAddress(intPtr, _0606_065B_06E4(_FDCB_FDFF_FDEF_FDDD_FDCB_061D_0670._06D4))
                      Source: rPO_CW00402902400429.exe, --.cs Reference to suspicious API methods: VirtualProtect(procAddress, (uint)array.ToArray().Length, 64u, out var __FBB9_0652_06FE)
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 protect: page execute and read and write
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base address: 400000
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base address: 400000
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base address: 400000
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 400000
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 402000
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 440000
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 442000
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 116F008
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Queries volume information: C:\Users\user\Desktop\rPO_CW00402902400429.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\rPO_CW00402902400429.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Amcache.hve.8.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.8.dr Binary or memory string: msmpeng.exe
                      Source: Amcache.hve.8.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.8.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                      Source: Amcache.hve.8.dr Binary or memory string: MsMpEng.exe

                      Stealing of Sensitive Information

                      Source: Yara match File source: dump.pcap, type: PCAP
                      Source: Yara match File source: 4.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.rPO_CW00402902400429.exe.229b4fbd068.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.rPO_CW00402902400429.exe.229b4f2b420.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.3906035559.0000000003671000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: rPO_CW00402902400429.exe PID: 2056, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: CasPol.exe PID: 4824, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Source: Yara match File source: dump.pcap, type: PCAP
                      Source: Yara match File source: 4.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.rPO_CW00402902400429.exe.229b4fbd068.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.rPO_CW00402902400429.exe.229b4f2b420.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.3906035559.0000000003671000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: rPO_CW00402902400429.exe PID: 2056, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: CasPol.exe PID: 4824, type: MEMORYSTR

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Disable or Modify Tools | 2 OS Credential Dumping | 231 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 151 Virtualization/Sandbox Evasion | 11 Input Capture | 1 Process Discovery | Remote Desktop Protocol | 11 Input Capture | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | 1 Shared Modules | Logon Script (Windows) | Logon Script (Windows) | 411 Process Injection | 1 Credentials in Registry | 151 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 2 Data from Local System | Protocol Impersonation | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | 1 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      Source | Detection | Scanner | Label | Link
                      rPO_CW00402902400429.exe | 45% | ReversingLabs | ByteCode-MSIL.Trojan.GenSteal |
                      rPO_CW00402902400429.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      http://upx.sf.net | 0% | URL Reputation | safe |
                      https://account.dyn.com/ | 0% | URL Reputation | safe |
                      http://mail.visiontrade.ae | 0% | Avira URL Cloud | safe |

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      mail.visiontrade.ae | 192.185.35.35 | true | true | | unknown

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      http://mail.visiontrade.ae | CasPol.exe, 00000004.00000002.3906035559.0000000003A56000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003875000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.00000000037E9000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003721000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003973000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003903000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.00000000037B1000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3906035559.0000000003B3F000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                      http://upx.sf.net | Amcache.hve.8.dr | false | URL Reputation: safe | unknown
                      https://account.dyn.com/ | rPO_CW00402902400429.exe, 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                        192.185.35.35 | mail.visiontrade.ae | United States | | 46606 | UNIFIEDLAYER-AS-1US | true
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1518185
                        Start date and time:2024-09-25 13:56:24 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 7m 52s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:14
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:rPO_CW00402902400429.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.expl.evad.winEXE@10/5@1/1
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 99%
                        • Number of executed functions: 118
                        • Number of non-executed functions: 1
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 20.189.173.20
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        • Report size getting too big, too many NtSetInformationFile calls found.
                        • VT rate limit hit for: rPO_CW00402902400429.exe
                        Time | Type | Description
                        07:57:29 | API Interceptor | 10715137x Sleep call for process: CasPol.exe modified
                        07:57:32 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        192.185.35.35 | PO_CW00402902400429.exe | malicious | AgentTesla |
                        192.185.35.35 | PO_CW00402902400429.exe | malicious | AgentTesla |

                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        mail.visiontrade.ae | PO_CW00402902400429.exe | malicious | AgentTesla | 192.185.35.35
                        mail.visiontrade.ae | PO_CW00402902400429.exe | malicious | AgentTesla | 192.185.35.35
                            Process:C:\Windows\System32\WerFault.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):65536
                            Entropy (8bit):0.989607340769197
                            Encrypted:false
                            SSDEEP:192:WlBzMC7IV0UnUVaWBUUrzuiFGZ24lO80:SP7I2UnUVamU6zuiFGY4lO80
                            MD5:EDD7A22E65A2D0F119699B51E505A458
                            SHA1:CDE73A80197C1DD607BDE40AFE33DCA78EE1984D
                            SHA-256:B7CD2B33CF0D113EE00841E33C68B7C186AA5CBAD3D8BEC027F8694617A8D089
                            SHA-512:753A3E2E4DEDCEDA7FB56A925B1427CC35F31CB15DA9801B88D6E639C348B227D53FE05BDBBF9C8762D99704777A50AEBB5A7EBBD26165EA885BC1CDF3EF780D
                            Malicious:false
                            Reputation:low
                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.7.3.9.0.4.6.2.6.1.1.1.1.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.7.3.9.0.4.6.6.6.7.3.5.7.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.b.4.e.8.2.1.b.-.3.1.4.a.-.4.0.c.1.-.8.f.6.9.-.a.e.3.e.2.2.1.c.0.7.a.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.1.f.1.f.2.1.2.-.5.6.0.5.-.4.7.1.b.-.b.1.0.c.-.7.5.e.4.a.e.7.5.c.5.7.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.P.O._.C.W.0.0.4.0.2.9.0.2.4.0.0.4.2.9...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.T.r.a.n.s.p.o.n.e.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.0.8.-.0.0.0.1.-.0.0.1.4.-.6.b.e.0.-.5.f.1.5.4.2.0.f.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.8.7.8.5.3.e.9.0.f.6.0.5.6.a.0.6.1.c.8.9.8.f.b.9.d.3.d.a.1.c.a.0.0.0.0.0.0.0.0.!.0.0.0.0.b.6.d.c.8.6.a.8.6.e.2.0.a.d.9.2.5.f.9.6.c.b.3.e.6.d.1.9.2.8.3.3.d.f.5.b.b.8.0.
                            Process:C:\Windows\System32\WerFault.exe
                            File Type:Mini DuMP crash report, 16 streams, Wed Sep 25 11:57:26 2024, 0x1205a4 type
                            Category:dropped
                            Size (bytes):372827
                            Entropy (8bit):3.338444173912552
                            Encrypted:false
                            SSDEEP:3072:+SwNW3+vSX4skhz2ws5GGnLPVG5icOjcSwlbZlv5ht1CCqm:+k3QS9hMPq
                            MD5:56061C541A59A62CF2FBFF63ACDEF925
                            SHA1:BB765F18AAF58A6D8FADB1FF362AE3C00FC9BF11
                            SHA-256:DF404FCD2A2BF2A04E67127FF80C0C4D2A84A07D625D83A140F6BF8AB5AFDA8A
                            SHA-512:655E42A4AC609CD2F6C1E36F60D2AB90A286CB92CDEA18855FBBEA4E681896409831E6BDF0B316AB174D101C5DEF25533EF55735F9F06D0CDF2BA07A107363BF
                            Malicious:false
                            Reputation:low
                            Process:C:\Windows\System32\WerFault.exe
                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):8640
                            Entropy (8bit):3.7060217581472537
                            Encrypted:false
                            SSDEEP:192:R6l7wVeJIq56YSaG+BsgmfLM6prZ89bGwCflCm:R6lXJ956Y/G+BsgmfLM5GFfR
                            MD5:5ADEEEF573FD2E95287F8CDC5523E774
                            SHA1:CD40C6B2E1D1E9EF12EFF2878FC80A05558D9CA6
                            SHA-256:00F76B49B4543CE9F60412B7290980E89F935D8FB2AF7310F8CD46FE90DEBD48
                            SHA-512:2328C65223B8A958AA9C02A20B17A31586FBECED03B0BD234C6E877E8D5D8CA6E3B01636C2499C2FC5B6FFA4C0009B812BAB8BF3B85C692498BD7DD650A7BB82
                            Malicious:false
                            Reputation:low
                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.0.5.6.<./.P.i.
                            Process:C:\Windows\System32\WerFault.exe
                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4808
                            Entropy (8bit):4.521985534583426
                            Encrypted:false
                            SSDEEP:48:cvIwWl8zsBiJg771I99PyWpW8VYjyYm8M4J5r/QFHyq85VCQPhzz1m1ad:uIjfBwI7e77V2JkgJtUad
                            MD5:6463A2F7BFB221B3400452E24150A568
                            SHA1:1BC6C3CFBE578C2625745F254FFB7ABFA4DAC6A3
                            SHA-256:C5CEB20ECC680313BD7A7D629C56016F2DC25FCFBF913F931728D314F492224F
                            SHA-512:DA4565D49C7F3DCBA6A7A91BE8CCAAE90D84C9F2FEFBDAD67D3A97FF3C5F6D644CBB05DA142519FB055F4530D3E12B58AED38C02E49F91DDE1FC0C02A535DC98
                            Malicious:false
                            Reputation:low
                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="515700" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                            Process:C:\Windows\System32\WerFault.exe
                            File Type:MS Windows registry file, NT/2000 or above
                            Category:dropped
                            Size (bytes):1835008
                            Entropy (8bit):4.372409876919931
                            Encrypted:false
                            SSDEEP:6144:kFVfpi6ceLP/9skLmb0ryWWSPtaJG8nAge35OlMMhA2AX4WABlguNjiL:kV1xyWWI/glMM6kF7lq
                            MD5:93964554A64073FBCD1F30BC36F2778F
                            SHA1:87935783719271709992B81CDE89386724D0B89C
                            SHA-256:44E8CF03508B093E3DC88B7D6991D6FA20A503D461199BA7C6CE8D34847F379A
                            SHA-512:DED622E67FDEDECA7AD8213745B5746096050731FCF5DEC9826A97C17D9385C2EF3E3B7219A40E099D4F3755F0982B1163AC00DADBACD174D100C1B867929B62
                            Malicious:false
                            Reputation:low
                            File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):6.453714941299406
                            TrID:
                            • Win64 Executable GUI Net Framework (217006/5) 49.88%
                            • Win64 Executable GUI (202006/5) 46.43%
                            • Win64 Executable (generic) (12005/4) 2.76%
                            • Generic Win/DOS Executable (2004/3) 0.46%
                            • DOS Executable Generic (2002/1) 0.46%
                            File name:rPO_CW00402902400429.exe
                            File size:1'148'447 bytes
                            MD5:a95188ad665b3b47e8f51ef7f0b9febc
                            SHA1:b6dc86a86e20ad925f96cb3e6d192833df5bb800
                            SHA256:169f892590fa77d8ab87886ab133ed61389f5d21c8830cbc3941785e55685166
                            SHA512:56bfad1acc7c2c7cf551544bbec51e4649b1bc46fe7290f5f949bf18a31bac621a05e91849e181030010503efad743289883bca518bdb9df979474adfc4f2516
                            SSDEEP:12288:lum5ax6cGR+jpSV5S0xTWzWuAOHzEr7g4SKEWx893efm929iuRld4i8DpgP:lum5E6lRrSsWhEr7gOEWxI0m9W/8Dp4
                            TLSH:963522A4729B8E5BFC2A44B4E1D630F062FE9DA731F4825FEF0BAC1215501BD5166AF0
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...h..f.........."...0.(:............... ....@...... ....................................`................................
                            Icon Hash:00928e8e8686b000
                            Entrypoint:0x400000
                            Entrypoint Section:
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0x66F2A468 [Tue Sep 24 11:37:12 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:
                            Instruction
                            dec ebp
                            pop edx
                            nop
                            add byte ptr [ebx], al
                            add byte ptr [eax], al
                            add byte ptr [eax+eax], al
                            add byte ptr [eax], al
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x5ea | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x2000 | 0x3a28 | 0x3c00 | 25900506c0799b71d998d9a4d8ea8ee9 | False | 0.6342447916666667 | data | 6.184312623318167 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc | 0x6000 | 0x5ea | 0x600 | 57d280fb4b749a5ff5990ae311254c9e | False | 0.4212239583333333 | data | 4.1460215092223 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                            RT_VERSION | 0x60a0 | 0x360 | data | | | 0.41087962962962965
                            RT_MANIFEST | 0x6400 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                            2024-09-25T13:57:32.022824+0200 | 2855245 | ETPRO MALWARE Agent Tesla Exfil via SMTP | 1 | 192.168.2.8 | 49706 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:32.022824+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49706 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:32.565040+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49706 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:32.565040+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49706 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:32.565040+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49706 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:33.941370+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49710 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:34.155197+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49710 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:34.155197+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49710 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:57:34.155197+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49710 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:12.083159+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49716 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:12.090718+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49716 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:12.090718+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49716 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:12.090718+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49716 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:26.056933+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49717 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:26.066992+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49717 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:26.066992+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49717 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:26.066992+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49717 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:29.085276+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49718 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:29.093107+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49718 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:29.093107+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49718 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:29.093107+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49718 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:36.345966+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49719 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:36.354997+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49719 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:36.354997+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49719 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:36.354997+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49719 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:42.867356+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49720 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:42.874235+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49720 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:42.874235+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49720 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:42.874235+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49720 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:59.569333+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49721 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:59.579689+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49721 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:59.579689+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49721 | 192.185.35.35 | 587 | TCP
                            2024-09-25T13:59:59.579689+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49721 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:07.515927+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49722 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:07.523135+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49722 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:07.523135+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49722 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:07.523135+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49722 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:26.526605+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49724 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:26.534658+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49724 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:26.534658+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49724 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:26.534658+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49724 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:40.454593+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49725 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:40.460677+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49725 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:40.460677+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49725 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:40.460677+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49725 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:44.630933+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49727 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:44.637125+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49727 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:44.637125+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49727 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:00:44.637125+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49727 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:04.303489+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49728 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:04.309863+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49728 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:04.309863+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49728 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:04.309863+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49728 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:12.940839+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49730 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:12.947054+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49730 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:12.947054+0200 | 2839723 | ETPRO MALWARE Win32/Agent Tesla SMTP Activity | 1 | 192.168.2.8 | 49730 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:12.947054+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49730 | 192.185.35.35 | 587 | TCP
                            2024-09-25T14:01:13.439468+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.849731192.185.35.35587TCP
                            2024-09-25T14:01:13.447069+02002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.849731192.185.35.35587TCP
                            2024-09-25T14:01:13.447069+02002839723ETPRO MALWARE Win32/Agent Tesla SMTP Activity1192.168.2.849731192.185.35.35587TCP
                            2024-09-25T14:01:13.447069+02002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.849731192.185.35.35587TCP
                            2024-09-25T14:01:28.556578+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.849732192.185.35.35587TCP
                            2024-09-25T14:01:28.562732+02002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.849732192.185.35.35587TCP
                            2024-09-25T14:01:28.562732+02002839723ETPRO MALWARE Win32/Agent Tesla SMTP Activity1192.168.2.849732192.185.35.35587TCP
                            2024-09-25T14:01:28.562732+02002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.849732192.185.35.35587TCP
                            2024-09-25T14:01:35.334481+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.849733192.185.35.35587TCP
                            2024-09-25T14:01:35.341086+02002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.849733192.185.35.35587TCP
                            2024-09-25T14:01:35.341086+02002839723ETPRO MALWARE Win32/Agent Tesla SMTP Activity1192.168.2.849733192.185.35.35587TCP
                            2024-09-25T14:01:35.341086+02002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.849733192.185.35.35587TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Sep 25, 2024 13:59:29.098819017 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:29.099251032 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.099298000 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.099462986 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:29.102746964 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.102781057 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.102812052 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:29.102937937 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:29.104469061 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.104504108 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.104532003 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:29.105264902 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105329990 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105473042 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105479956 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105489016 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105520010 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105575085 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105582952 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105602026 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105659962 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105716944 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.105724096 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.108659029 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.109782934 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.109791994 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.109869957 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.109874010 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.109880924 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.109890938 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.109899044 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.110701084 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.110711098 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.389611006 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.602961063 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:29.603446007 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:34.378245115 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:34.584527016 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:34.891552925 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:34.891690016 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:34.891707897 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:34.891740084 CEST49718587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:34.893268108 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:34.896615028 CEST58749718192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:34.898111105 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:34.898375988 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:35.651633024 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:35.651887894 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:35.656708956 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:35.763118982 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:35.763392925 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:35.768240929 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:35.874351978 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:35.878326893 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:35.883150101 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:35.990159988 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:35.990508080 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:35.995404959 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.101180077 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.101366043 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.106225014 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.222045898 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.222290993 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.227163076 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.345315933 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.345849991 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.345966101 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.345966101 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.346052885 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.347749949 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.350801945 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.350831985 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.350860119 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.350913048 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.354895115 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.354929924 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.354938030 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.354964972 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.354996920 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.355057001 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.355077982 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.355139017 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.355760098 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.355829954 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.360055923 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360114098 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360177994 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.360451937 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360481024 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360507965 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360513926 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.360536098 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360563993 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360568047 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.360644102 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.360673904 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.360738993 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:36.364809990 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.365103006 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.365325928 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.365478039 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.365505934 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369514942 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369541883 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369570971 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369597912 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369625092 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369651079 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369693995 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369721889 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369754076 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.369759083 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.370063066 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.370090961 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.370117903 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.370158911 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.370184898 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.370210886 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.370237112 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.642940998 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:36.686691046 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:39.932292938 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:39.937216997 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:40.262974024 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:40.263067007 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:40.263118982 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:40.263161898 CEST49719587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:40.264270067 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:40.268129110 CEST58749719192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:40.269120932 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:40.269253969 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:40.995485067 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:40.996016026 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:41.000911951 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.061805964 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.062010050 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.062108994 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.062315941 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.062361002 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.063302994 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.063363075 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.067656040 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.072516918 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.184818029 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.185106993 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.189974070 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.501899958 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.502101898 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.506995916 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.620822906 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.621012926 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.625926018 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.750071049 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.750258923 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.755058050 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.866944075 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.867265940 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.867356062 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.867356062 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.867356062 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.868612051 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.872142076 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.872158051 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.872169971 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.872226000 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.872390032 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.873414040 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.873491049 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.873502970 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.873532057 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.873543978 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.873632908 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.874234915 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.876924038 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.876996994 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.877002001 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.877077103 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.879089117 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.879167080 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.879169941 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.879245996 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.879312038 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.879354954 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.879369020 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.879431009 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.881959915 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.882036924 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.882045984 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.882112026 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:42.883934975 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884062052 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884125948 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884207964 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884248018 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884280920 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884314060 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884392023 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884404898 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884469032 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.884480953 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.886926889 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.886940002 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.886960983 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.886972904 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887058973 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887070894 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887083054 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887094021 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887114048 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887125015 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887145042 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:42.887156010 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:43.182101011 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:43.390971899 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:43.391122103 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:57.558114052 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:57.563133955 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:57.876269102 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:57.876306057 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:57.876382113 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:57.876513958 CEST49720587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:57.877603054 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:57.881231070 CEST58749720192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:57.882420063 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:57.882797956 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:58.626094103 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:58.626270056 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:58.631161928 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:58.741060019 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:58.796302080 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:58.800525904 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:58.979159117 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:58.979270935 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:58.979676962 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.090177059 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.101111889 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.106046915 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.215611935 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.215989113 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.222518921 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.331862926 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.332262039 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.337182045 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.454885006 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.455106020 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.460074902 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.568789005 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.569221973 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.569333076 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.569333076 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.569449902 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.574314117 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.574356079 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.574407101 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.574418068 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.574556112 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.574642897 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.579564095 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.579582930 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.579597950 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.579617977 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.579659939 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.579689026 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.579864979 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.584513903 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.584692001 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.584758997 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.584777117 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.584799051 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.584849119 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.584898949 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.584899902 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.584939003 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.584945917 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.584979057 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.585038900 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.589245081 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.589294910 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.589490891 CEST49721587192.168.2.8192.185.35.35
                            Sep 25, 2024 13:59:59.589612961 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.589719057 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.589816093 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.589831114 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.589930058 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.589993000 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.590004921 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.590048075 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 13:59:59.590116024 CEST58749721192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.640552998 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.641940117 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.641974926 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.641984940 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.641984940 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.642024040 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.642210960 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.642242908 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.642256021 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.642292976 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.642308950 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.642389059 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.645211935 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.645232916 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.645256042 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.645277977 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.645381927 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.645425081 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:00:44.645473957 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.646838903 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.646871090 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.646929979 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.646939039 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.647037983 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.647100925 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.647177935 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.647186995 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.647219896 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.647228956 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.647677898 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650557041 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650557995 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650561094 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650572062 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650579929 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650588036 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650597095 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.650604963 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.651597023 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.651634932 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:44.937503099 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:00:45.092011929 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:02.350233078 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:02.355217934 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:02.667587042 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:02.667717934 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:02.667917013 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:02.667956114 CEST49727587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:02.669131994 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:02.673749924 CEST58749727192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:02.675204992 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:02.675277948 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:03.403351068 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:03.403774977 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:03.408588886 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:03.516521931 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:03.517457962 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:03.522289038 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:03.629839897 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:03.630209923 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:03.635065079 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:03.942946911 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:03.944463015 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:03.949850082 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.058811903 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.061126947 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.070653915 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.186628103 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.188934088 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.195456982 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.302958012 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.303360939 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.303488970 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.303488970 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.303488970 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.304795980 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.308317900 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.308386087 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.308399916 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.308415890 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.308485031 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.309695959 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.309776068 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.309782982 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.309798956 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.309863091 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.309870005 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.309887886 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.309932947 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.309962988 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.309981108 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.310030937 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.314033985 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.314049959 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.314110994 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.314157963 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.314646006 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.314726114 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.314774036 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.314790964 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.314829111 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.314843893 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.314903021 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.314981937 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.315018892 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.315045118 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.315144062 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.319053888 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.319108009 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.319127083 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.319190025 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:04.320204020 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.320902109 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.320943117 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321052074 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321072102 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321115971 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321194887 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321223974 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321278095 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321307898 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321346045 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321697950 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.321736097 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.324076891 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.324091911 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.324139118 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.324985027 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.324999094 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.325052023 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.325079918 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.325092077 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.325119019 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.325134039 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.601361990 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:04.655330896 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.179055929 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.184015989 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:11.240350962 CEST49729587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.245305061 CEST58749729192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:11.254044056 CEST49729587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.492728949 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:11.492742062 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:11.492856979 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.492921114 CEST49728587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.494007111 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.497695923 CEST58749728192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:11.498853922 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:11.499083042 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:11.967895985 CEST49729587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.016513109 CEST58749729192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.016652107 CEST49729587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.016978979 CEST58749729192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.018001080 CEST49729587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.042084932 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.047298908 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.047492027 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.252753019 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.253154993 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.258013010 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.365509033 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.365696907 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.370774031 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.478595972 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.478836060 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.483869076 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.592747927 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.593791962 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.598674059 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.706226110 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.706443071 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.711412907 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.723448038 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.723743916 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.728724003 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.828161001 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.828313112 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.833192110 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.839111090 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.839288950 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.844151020 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.940414906 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.940785885 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.940824032 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.940839052 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.940954924 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.942114115 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.945730925 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.945763111 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.945775986 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.945811987 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.946120024 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.946990013 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.947051048 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.947053909 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.947103024 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.947222948 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.947326899 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.950442076 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.950532913 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.950953007 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.951047897 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.951919079 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.951957941 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.951983929 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.952014923 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.952071905 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.952137947 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.952157974 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.952174902 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.952223063 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.952236891 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.952291965 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.955559969 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.955638885 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.955642939 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.955696106 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.956630945 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.956672907 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.956698895 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.956890106 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957063913 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957081079 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957181931 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957216024 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957252979 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957287073 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957370996 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957386971 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957436085 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957453966 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.957515001 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.960525036 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961442947 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961455107 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961492062 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961520910 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961558104 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961585999 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961627960 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961638927 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.961669922 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.969873905 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:12.970159054 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:12.974987030 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.084861040 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.085139036 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.090075016 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.198434114 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.198590994 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.203522921 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.244061947 CEST58749730192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.322221041 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.324373007 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.329333067 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.392761946 CEST49730587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.438905954 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.439366102 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.439366102 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.439467907 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.439467907 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.441865921 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.444327116 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.445266962 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.445281029 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.445311069 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.445424080 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.446898937 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.447025061 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.447043896 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.447068930 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.447139978 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.447199106 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.449924946 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.450373888 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.450922966 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.452307940 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.452321053 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.452349901 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.452362061 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.452394962 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.452471018 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.454168081 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.454745054 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.454853058 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.454972982 CEST49731587192.168.2.8192.185.35.35
                            Sep 25, 2024 14:01:13.455854893 CEST58749731192.185.35.35192.168.2.8
                            Sep 25, 2024 14:01:13.455894947 CEST58749731192.185.35.35192.168.2.8
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Sep 25, 2024 13:57:30.222538948 CEST | 54311 | 53 | 192.168.2.8 | 1.1.1.1
                            Sep 25, 2024 13:57:30.339736938 CEST | 53 | 54311 | 1.1.1.1 | 192.168.2.8
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Sep 25, 2024 13:57:30.222538948 CEST | 192.168.2.8 | 1.1.1.1 | 0xbd0e | Standard query (0) | mail.visiontrade.ae | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Sep 25, 2024 13:57:30.339736938 CEST | 1.1.1.1 | 192.168.2.8 | 0xbd0e | No error (0) | mail.visiontrade.ae | | 192.185.35.35 | A (IP address) | IN (0x0001) | false
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                            Sep 25, 2024 13:57:31.067558050 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:57:31 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:57:31.068305969 CEST | 49706 | 587 | 192.168.2.8 | 192.185.35.35 | EHLO 992547
                            Sep 25, 2024 13:57:31.183825016 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:57:31.186980009 CEST | 49706 | 587 | 192.168.2.8 | 192.185.35.35 | AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:57:31.303263903 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:57:31.665409088 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 235 Authentication succeeded
                            Sep 25, 2024 13:57:31.665738106 CEST | 49706 | 587 | 192.168.2.8 | 192.185.35.35 | MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:57:31.781341076 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 250 OK
                            Sep 25, 2024 13:57:31.781706095 CEST | 49706 | 587 | 192.168.2.8 | 192.185.35.35 | RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:57:31.906511068 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 250 Accepted
                            Sep 25, 2024 13:57:31.906754971 CEST | 49706 | 587 | 192.168.2.8 | 192.185.35.35 | DATA
                            Sep 25, 2024 13:57:32.022161961 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:57:32.022861004 CEST | 49706 | 587 | 192.168.2.8 | 192.185.35.35 | .
                            Sep 25, 2024 13:57:32.200244904 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQeB-001WZL-36
                            Sep 25, 2024 13:57:32.248142958 CEST | 49706 | 587 | 192.168.2.8 | 192.185.35.35 | QUIT
                            Sep 25, 2024 13:57:32.564874887 CEST | 587 | 49706 | 192.185.35.35 | 192.168.2.8 | 221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 13:57:33.251023054 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:57:33 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:57:33.251250982 CEST | 49710 | 587 | 192.168.2.8 | 192.185.35.35 | EHLO 992547
                            Sep 25, 2024 13:57:33.363481998 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:57:33.363857031 CEST | 49710 | 587 | 192.168.2.8 | 192.185.35.35 | AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:57:33.476465940 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:57:33.591314077 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 235 Authentication succeeded
                            Sep 25, 2024 13:57:33.591449976 CEST | 49710 | 587 | 192.168.2.8 | 192.185.35.35 | MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:57:33.703078032 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 250 OK
                            Sep 25, 2024 13:57:33.703341007 CEST | 49710 | 587 | 192.168.2.8 | 192.185.35.35 | RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:57:33.827668905 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 250 Accepted
                            Sep 25, 2024 13:57:33.827851057 CEST | 49710 | 587 | 192.168.2.8 | 192.185.35.35 | DATA
                            Sep 25, 2024 13:57:33.939568996 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:57:33.941529989 CEST | 49710 | 587 | 192.168.2.8 | 192.185.35.35 | .
                            Sep 25, 2024 13:57:34.115032911 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQeD-001WaU-2q
                            Sep 25, 2024 13:57:34.345398903 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQeD-001WaU-2q
                            Sep 25, 2024 13:59:10.249382973 CEST | 49710 | 587 | 192.168.2.8 | 192.185.35.35 | QUIT
                            Sep 25, 2024 13:59:10.571516991 CEST | 587 | 49710 | 192.185.35.35 | 192.168.2.8 | 221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 13:59:11.134757042 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:59:11 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:59:11.135024071 CEST | 49716 | 587 | 192.168.2.8 | 192.185.35.35 | EHLO 992547
                            Sep 25, 2024 13:59:11.249452114 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:11.252401114 CEST | 49716 | 587 | 192.168.2.8 | 192.185.35.35 | AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:59:11.364326000 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:59:11.719120026 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 235 Authentication succeeded
                            Sep 25, 2024 13:59:11.720340967 CEST | 49716 | 587 | 192.168.2.8 | 192.185.35.35 | MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:11.832139015 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 250 OK
                            Sep 25, 2024 13:59:11.836539030 CEST | 49716 | 587 | 192.168.2.8 | 192.185.35.35 | RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:11.957609892 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 250 Accepted
                            Sep 25, 2024 13:59:11.958204031 CEST | 49716 | 587 | 192.168.2.8 | 192.185.35.35 | DATA
                            Sep 25, 2024 13:59:12.082674980 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:59:12.380373001 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQfo-001XvE-02
                            Sep 25, 2024 13:59:24.288712978 CEST | 49716 | 587 | 192.168.2.8 | 192.185.35.35 | QUIT
                            Sep 25, 2024 13:59:24.602025032 CEST | 587 | 49716 | 192.185.35.35 | 192.168.2.8 | 221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 13:59:25.308165073 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:59:25 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:59:25.310405970 CEST | 49717 | 587 | 192.168.2.8 | 192.185.35.35 | EHLO 992547
                            Sep 25, 2024 13:59:25.425932884 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:25.429212093 CEST | 49717 | 587 | 192.168.2.8 | 192.185.35.35 | AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:59:25.545475960 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:59:25.691654921 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 235 Authentication succeeded
                            Sep 25, 2024 13:59:25.691881895 CEST | 49717 | 587 | 192.168.2.8 | 192.185.35.35 | MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:25.811094999 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 250 OK
                            Sep 25, 2024 13:59:25.811300039 CEST | 49717 | 587 | 192.168.2.8 | 192.185.35.35 | RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:25.938155890 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 250 Accepted
                            Sep 25, 2024 13:59:25.938414097 CEST | 49717 | 587 | 192.168.2.8 | 192.185.35.35 | DATA
                            Sep 25, 2024 13:59:26.056574106 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:59:26.371160030 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQg1-001YAh-3C
                            Sep 25, 2024 13:59:27.002054930 CEST | 49717 | 587 | 192.168.2.8 | 192.185.35.35 | QUIT
                            Sep 25, 2024 13:59:27.318591118 CEST | 587 | 49717 | 192.185.35.35 | 192.168.2.8 | 221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 13:59:28.290335894 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:59:27 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:59:28.290357113 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:59:27 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:59:28.292069912 CEST | 49718 | 587 | 192.168.2.8 | 192.185.35.35 | EHLO 992547
                            Sep 25, 2024 13:59:28.406018019 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:28.412424088 CEST | 49718 | 587 | 192.168.2.8 | 192.185.35.35 | AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:59:28.525008917 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:59:28.641439915 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 235 Authentication succeeded
                            Sep 25, 2024 13:59:28.641808033 CEST | 49718 | 587 | 192.168.2.8 | 192.185.35.35 | MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:28.759391069 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 250 OK
                            Sep 25, 2024 13:59:28.759535074 CEST | 49718 | 587 | 192.168.2.8 | 192.185.35.35 | RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:28.919229031 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 250 Accepted
                            Sep 25, 2024 13:59:28.919411898 CEST | 49718 | 587 | 192.168.2.8 | 192.185.35.35 | DATA
                            Sep 25, 2024 13:59:29.084882975 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:59:29.389611006 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQg5-001YCg-00
                            Sep 25, 2024 13:59:29.602961063 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQg5-001YCg-00
                            Sep 25, 2024 13:59:34.378245115 CEST | 49718 | 587 | 192.168.2.8 | 192.185.35.35 | QUIT
                            Sep 25, 2024 13:59:34.891552925 CEST | 587 | 49718 | 192.185.35.35 | 192.168.2.8 | 221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 13:59:35.651633024 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:59:35 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:59:35.651887894 CEST | 49719 | 587 | 192.168.2.8 | 192.185.35.35 | EHLO 992547
                            Sep 25, 2024 13:59:35.763118982 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:35.763392925 CEST | 49719 | 587 | 192.168.2.8 | 192.185.35.35 | AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:59:35.874351978 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:59:35.990159988 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 235 Authentication succeeded
                            Sep 25, 2024 13:59:35.990508080 CEST | 49719 | 587 | 192.168.2.8 | 192.185.35.35 | MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:36.101180077 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 250 OK
                            Sep 25, 2024 13:59:36.101366043 CEST | 49719 | 587 | 192.168.2.8 | 192.185.35.35 | RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:36.222045898 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 250 Accepted
                            Sep 25, 2024 13:59:36.222290993 CEST | 49719 | 587 | 192.168.2.8 | 192.185.35.35 | DATA
                            Sep 25, 2024 13:59:36.345315933 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:59:36.642940998 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 250 OK id=1stQgC-001YJx-0t
                            Sep 25, 2024 13:59:39.932292938 CEST | 49719 | 587 | 192.168.2.8 | 192.185.35.35 | QUIT
                            Sep 25, 2024 13:59:40.262974024 CEST | 587 | 49719 | 192.185.35.35 | 192.168.2.8 | 221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 13:59:40.995485067 CEST58749720192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:59:40 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:59:40.996016026 CEST49720587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 13:59:42.061805964 CEST58749720192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:42.062010050 CEST58749720192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:42.062315941 CEST58749720192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:42.063302994 CEST58749720192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:42.067656040 CEST49720587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:59:42.184818029 CEST58749720192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:59:42.501899958 CEST58749720192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 13:59:42.502101898 CEST49720587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:42.620822906 CEST58749720192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 13:59:42.621012926 CEST49720587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:42.750071049 CEST58749720192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 13:59:42.750258923 CEST49720587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 13:59:42.866944075 CEST58749720192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:59:43.182101011 CEST58749720192.185.35.35192.168.2.8250 OK id=1stQgI-001YOR-2a
                            Sep 25, 2024 13:59:43.390971899 CEST58749720192.185.35.35192.168.2.8250 OK id=1stQgI-001YOR-2a
                            Sep 25, 2024 13:59:57.558114052 CEST49720587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 13:59:57.876269102 CEST58749720192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 13:59:58.626094103 CEST58749721192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 06:59:58 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 13:59:58.626270056 CEST49721587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 13:59:58.741060019 CEST58749721192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:58.800525904 CEST49721587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 13:59:58.979159117 CEST58749721192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 13:59:59.090177059 CEST58749721192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 13:59:59.215611935 CEST58749721192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 13:59:59.215989113 CEST49721587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:59.331862926 CEST58749721192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 13:59:59.332262039 CEST49721587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 13:59:59.454885006 CEST58749721192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 13:59:59.455106020 CEST49721587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 13:59:59.568789005 CEST58749721192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 13:59:59.594808102 CEST49721587192.168.2.8192.185.35.35.
                            Sep 25, 2024 13:59:59.871789932 CEST58749721192.185.35.35192.168.2.8250 OK id=1stQgZ-001Yh2-1d
                            Sep 25, 2024 14:00:05.797986031 CEST49721587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:00:06.113285065 CEST58749721192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:00:06.799899101 CEST58749722192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:00:06 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:00:06.802272081 CEST49722587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:00:06.915735960 CEST58749722192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:00:06.916305065 CEST49722587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:00:07.038214922 CEST58749722192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:00:07.162168980 CEST58749722192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:07.162393093 CEST49722587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:07.275702000 CEST58749722192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:00:07.276036024 CEST49722587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:07.399496078 CEST58749722192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:00:07.399677992 CEST49722587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:00:07.515336037 CEST58749722192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:00:07.895406008 CEST58749722192.185.35.35192.168.2.8250 OK id=1stQgh-001Z1e-1T
                            Sep 25, 2024 14:00:22.554145098 CEST49722587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:00:22.868480921 CEST58749722192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:00:23.657186985 CEST58749723192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:00:23 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:00:23.657411098 CEST49723587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:00:23.774818897 CEST58749723192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:00:23.775156975 CEST49723587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:00:23.893295050 CEST58749723192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:00:24.894045115 CEST58749723192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:24.894999981 CEST58749723192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:24.895837069 CEST58749723192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:25.628751040 CEST58749724192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:00:25 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:00:25.628983974 CEST49724587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:00:25.740408897 CEST58749724192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:00:25.740600109 CEST49724587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:00:26.061829090 CEST58749724192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:00:26.174572945 CEST58749724192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:26.174755096 CEST49724587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:26.285983086 CEST58749724192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:00:26.286320925 CEST49724587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:26.410633087 CEST58749724192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:00:26.414407969 CEST49724587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:00:26.525902987 CEST58749724192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:00:26.829932928 CEST58749724192.185.35.35192.168.2.8250 OK id=1stQh0-001ZSQ-1V
                            Sep 25, 2024 14:00:38.524549007 CEST49724587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:00:38.883680105 CEST58749724192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:00:39.699522018 CEST58749725192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:00:39 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:00:39.702163935 CEST49725587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:00:39.820329905 CEST58749725192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:00:39.820955038 CEST49725587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:00:39.939515114 CEST58749725192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:00:40.085269928 CEST58749725192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:40.089412928 CEST49725587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:40.206513882 CEST58749725192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:00:40.206737041 CEST49725587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:40.333482027 CEST58749725192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:00:40.333647013 CEST49725587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:00:40.450638056 CEST58749725192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:00:40.767904997 CEST58749725192.185.35.35192.168.2.8250 OK id=1stQhE-001ZiC-1F
                            Sep 25, 2024 14:00:41.460177898 CEST49725587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:00:41.778100014 CEST58749725192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:00:42.488436937 CEST58749726192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:00:42 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:00:42.488605976 CEST49726587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:00:42.606663942 CEST58749726192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:00:42.606939077 CEST49726587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:00:42.724123955 CEST58749726192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:00:42.842653990 CEST58749726192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:42.842835903 CEST49726587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:42.959647894 CEST58749726192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:00:42.959836960 CEST49726587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:43.088602066 CEST58749726192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:00:43.088771105 CEST49726587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:00:43.864840984 CEST58749727192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:00:43 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:00:43.866269112 CEST49727587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:00:43.981565952 CEST58749727192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:00:43.982295036 CEST49727587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:00:44.097523928 CEST58749727192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:00:44.263118982 CEST58749727192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:00:44.263334990 CEST49727587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:44.389271975 CEST58749727192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:00:44.389446020 CEST49727587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:00:44.514086008 CEST58749727192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:00:44.514235973 CEST49727587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:00:44.630455017 CEST58749727192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:00:44.937503099 CEST58749727192.185.35.35192.168.2.8250 OK id=1stQhI-001ZpJ-1p
                            Sep 25, 2024 14:01:02.350233078 CEST49727587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:01:02.667587042 CEST58749727192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:01:03.403351068 CEST58749728192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:01:03 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:01:03.403774977 CEST49728587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:01:03.516521931 CEST58749728192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:01:03.517457962 CEST49728587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:01:03.629839897 CEST58749728192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:01:03.942946911 CEST58749728192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:01:03.944463015 CEST49728587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:04.058811903 CEST58749728192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:01:04.061126947 CEST49728587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:04.186628103 CEST58749728192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:01:04.188934088 CEST49728587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:01:04.302958012 CEST58749728192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:01:04.601361990 CEST58749728192.185.35.35192.168.2.8250 OK id=1stQhc-001aDw-0m
                            Sep 25, 2024 14:01:11.179055929 CEST49728587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:01:11.492728949 CEST58749728192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:01:12.016513109 CEST58749729192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:01:11 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:01:12.252753019 CEST58749730192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:01:12 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:01:12.253154993 CEST49730587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:01:12.365509033 CEST58749730192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:01:12.365696907 CEST49730587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:01:12.478595972 CEST58749730192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:01:12.592747927 CEST58749730192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:01:12.593791962 CEST49730587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:12.706226110 CEST58749730192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:01:12.706443071 CEST49730587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:12.723448038 CEST58749731192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:01:12 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:01:12.723743916 CEST49731587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:01:12.828161001 CEST58749730192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:01:12.828313112 CEST49730587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:01:12.839111090 CEST58749731192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:01:12.839288950 CEST49731587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:01:12.940414906 CEST58749730192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:01:12.969873905 CEST58749731192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:01:13.084861040 CEST58749731192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:01:13.085139036 CEST49731587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:13.198434114 CEST58749731192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:01:13.198590994 CEST49731587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:13.244061947 CEST58749730192.185.35.35192.168.2.8250 OK id=1stQhk-001aM1-2q
                            Sep 25, 2024 14:01:13.322221041 CEST58749731192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:01:13.324373007 CEST49731587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:01:13.438905954 CEST58749731192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:01:13.748997927 CEST58749731192.185.35.35192.168.2.8250 OK id=1stQhl-001aMo-1D
                            Sep 25, 2024 14:01:26.459201097 CEST49731587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:01:26.776341915 CEST58749731192.185.35.35192.168.2.8221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:01:27.494259119 CEST58749732192.185.35.35192.168.2.8220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:01:27 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:01:27.494657040 CEST49732587192.168.2.8192.185.35.35EHLO 992547
                            Sep 25, 2024 14:01:27.609988928 CEST58749732192.185.35.35192.168.2.8250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:01:27.610168934 CEST49732587192.168.2.8192.185.35.35AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:01:27.725559950 CEST58749732192.185.35.35192.168.2.8334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:01:28.177222013 CEST58749732192.185.35.35192.168.2.8235 Authentication succeeded
                            Sep 25, 2024 14:01:28.177897930 CEST49732587192.168.2.8192.185.35.35MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:28.293082952 CEST58749732192.185.35.35192.168.2.8250 OK
                            Sep 25, 2024 14:01:28.296197891 CEST49732587192.168.2.8192.185.35.35RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:28.440748930 CEST58749732192.185.35.35192.168.2.8250 Accepted
                            Sep 25, 2024 14:01:28.440993071 CEST49732587192.168.2.8192.185.35.35DATA
                            Sep 25, 2024 14:01:28.556207895 CEST58749732192.185.35.35192.168.2.8354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:01:28.577342033 CEST49732587192.168.2.8192.185.35.35.
                            Sep 25, 2024 14:01:28.876343012 CEST58749732192.185.35.35192.168.2.8250 OK id=1stQi0-001agA-1b
                            Sep 25, 2024 14:01:33.595771074 CEST49732587192.168.2.8192.185.35.35QUIT
                            Sep 25, 2024 14:01:33.919122934 CEST  587  49732  192.185.35.35  192.168.2.8  221 gator4084.hostgator.com closing connection
                            Sep 25, 2024 14:01:34.618051052 CEST  587  49733  192.185.35.35  192.168.2.8  220-gator4084.hostgator.com ESMTP Exim 4.96.2 #2 Wed, 25 Sep 2024 07:01:34 -0500
                            220-We do not authorize the use of this system to transport unsolicited,
                            220 and/or bulk e-mail.
                            Sep 25, 2024 14:01:34.618364096 CEST  49733  587  192.168.2.8  192.185.35.35  EHLO 992547
                            Sep 25, 2024 14:01:34.736171961 CEST  587  49733  192.185.35.35  192.168.2.8  250-gator4084.hostgator.com Hello 992547 [8.46.123.33]
                            250-SIZE 52428800
                            250-8BITMIME
                            250-PIPELINING
                            250-PIPECONNECT
                            250-AUTH PLAIN LOGIN
                            250-STARTTLS
                            250 HELP
                            Sep 25, 2024 14:01:34.736442089 CEST  49733  587  192.168.2.8  192.185.35.35  AUTH login aXNoYXFAdmlzaW9udHJhZGUuYWU=
                            Sep 25, 2024 14:01:34.852231026 CEST  587  49733  192.185.35.35  192.168.2.8  334 UGFzc3dvcmQ6
                            Sep 25, 2024 14:01:34.972840071 CEST  587  49733  192.185.35.35  192.168.2.8  235 Authentication succeeded
                            Sep 25, 2024 14:01:34.973180056 CEST  49733  587  192.168.2.8  192.185.35.35  MAIL FROM:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:35.092569113 CEST  587  49733  192.185.35.35  192.168.2.8  250 OK
                            Sep 25, 2024 14:01:35.092721939 CEST  49733  587  192.168.2.8  192.185.35.35  RCPT TO:<ishaq@visiontrade.ae>
                            Sep 25, 2024 14:01:35.217775106 CEST  587  49733  192.185.35.35  192.168.2.8  250 Accepted
                            Sep 25, 2024 14:01:35.218183041 CEST  49733  587  192.168.2.8  192.185.35.35  DATA
                            Sep 25, 2024 14:01:35.333843946 CEST  587  49733  192.185.35.35  192.168.2.8  354 Enter message, ending with "." on a line by itself
                            Sep 25, 2024 14:01:35.647916079 CEST  587  49733  192.185.35.35  192.168.2.8  250 OK id=1stQi7-001arh-0s

                            Target ID:0
                            Start time:07:57:23
                            Start date:25/09/2024
                            Path:C:\Users\user\Desktop\rPO_CW00402902400429.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\rPO_CW00402902400429.exe"
                            Imagebase:0x229a2ce0000
                            File size:1'148'447 bytes
                            MD5 hash:A95188AD665B3B47E8F51EF7F0B9FEBC
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1517731099.00000229A4E26000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1518442215.00000229B4F2B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:2
                            Start time:07:57:24
                            Start date:25/09/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                            Wow64 process (32bit):
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
                            Imagebase:
                            File size:43'008 bytes
                            MD5 hash:9827FF3CDF4B83F9C86354606736CA9C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:false

                            Target ID:3
                            Start time:07:57:25
                            Start date:25/09/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                            Wow64 process (32bit):
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
                            Imagebase:
                            File size:42'064 bytes
                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:false

                            Target ID:4
                            Start time:07:57:25
                            Start date:25/09/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
                            Imagebase:0xfe0000
                            File size:108'664 bytes
                            MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3904500922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3906035559.0000000003671000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3906035559.0000000003671000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:high
                            Has exited:false

                            Target ID:5
                            Start time:07:57:25
                            Start date:25/09/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
                            Imagebase:0x400000
                            File size:108'664 bytes
                            MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:8
                            Start time:07:57:26
                            Start date:25/09/2024
                            Path:C:\Windows\System32\WerFault.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\WerFault.exe -u -p 2056 -s 1032
                            Imagebase:0x7ff764ce0000
                            File size:570'736 bytes
                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                              Execution Graph

                              Execution Coverage:11.2%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:13%
                              Total number of Nodes:23
                              Total number of Limit Nodes:1
                              Execution graph (node and edge list omitted). API calls on the graph: Wow64SetThreadContext, ResumeThread, NtUnmapViewOfSection, CreateProcessW, VirtualProtect, WriteProcessMemory, VirtualAllocEx
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID: (-6K$(-6K$H26K$H26K$hW6K$hW6K$p:6K
                              • API String ID: 0-3712775618
                              • Opcode ID: 785938d44c2f9ec3bfbdc8a7912501870aa8f3d85bd451942c86da08b35f9d02
                              • Instruction ID: 64a1a4f5583f835118012c81bd8b0f3fadd0c120453c1f988bac6fee039e33ca
                              • Opcode Fuzzy Hash: 785938d44c2f9ec3bfbdc8a7912501870aa8f3d85bd451942c86da08b35f9d02
                              • Instruction Fuzzy Hash: 8FC2C0B1A1CA498FDB99EF28C495AB97BE1FF59301F0440BDD04ED72A6DE24AC41CB41
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID: 8y6K$`}6K
                              • API String ID: 0-1435441841
                              • Opcode ID: c0f49582106a2dbca48f20f0c12e70f352989381d4b93904316bdd3dd3ea3812
                              • Instruction ID: d952e9b55e53e84640ffc2feee5dc2074e9750e1212705ecf844c87b20f09eec
                              • Opcode Fuzzy Hash: c0f49582106a2dbca48f20f0c12e70f352989381d4b93904316bdd3dd3ea3812
                              • Instruction Fuzzy Hash: FAA2387051CB4A8FE359EF38C8944B5BBE1FF89300B1485BED58AC72A6DA35E846C740

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID: Ho3K$d
                              • API String ID: 0-1825421495
                              • Opcode ID: 8de8ef9ac4306d8d24a53baf9eafcd8f748cfdc457ee298b6d4a2b227dfa160a
                              • Instruction ID: 511833782154de53298ecf9e4d91576db745d3090b0830aac04dfcb44e6d2391
                              • Opcode Fuzzy Hash: 8de8ef9ac4306d8d24a53baf9eafcd8f748cfdc457ee298b6d4a2b227dfa160a
                              • Instruction Fuzzy Hash: A32222B091CE4A4FE749FE3CD5815B1BBD1EF49310B1482BAD59AC75A7DE28E8438780

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID: fish$hK3K
                              • API String ID: 0-2626345392
                              • Opcode ID: 21058723483ae39159424d24ab7813e815e607c4135a8ce8ba3f9e5adc4fa909
                              • Instruction ID: 25a43a69f53e69750ff1ce54d73dd8486c9bb1674a35ead354b2e644c878239d
                              • Opcode Fuzzy Hash: 21058723483ae39159424d24ab7813e815e607c4135a8ce8ba3f9e5adc4fa909
                              • Instruction Fuzzy Hash: 49C16A71A1CE4A4FE74DBE3CD8555B6B7E1EF9A310B0441BED58BC35A2DE18E8028781
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID: 7*K
                              • API String ID: 0-2216601171
                              • Opcode ID: ab0f5f5dad41df4350ec666488f8fd84b5572d2879444fb471c276da3a47a6f6
                              • Instruction ID: 52776e2e39a6ddfde90635c2bdf352b7bf7d8a60e32ee8306eff5ba99ab2d9e2
                              • Opcode Fuzzy Hash: ab0f5f5dad41df4350ec666488f8fd84b5572d2879444fb471c276da3a47a6f6
                              • Instruction Fuzzy Hash: 9212477090DB8A4FE759FF38C4556B57BE0EF56300F0445BED18AC71A2DE28A846C781
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: SectionUnmapView
                              • String ID:
                              • API String ID: 498011366-0
                              • Opcode ID: ffb51094548ec87159945729afc9e4bf9b102a9c156b645cacf0878abdbfaecb
                              • Instruction ID: 722e8db9f6c0e6ea2cfaf7be08c1f6632f107c4abdc546feb79d80648fe51806
                              • Opcode Fuzzy Hash: ffb51094548ec87159945729afc9e4bf9b102a9c156b645cacf0878abdbfaecb
                              • Instruction Fuzzy Hash: 3731E37190CA4C8FDB58EF68D84A7E9BBE1FB5A320F04416FD049D7152CA70A845CB91

                              Control-flow Graph (legend: Executed / Not Executed; API call shown: VirtualAllocEx)
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: fd012d61b2f28b5d77b37ccad74852abe15060a2d89c4d616568c497a6f116cb
                              • Instruction ID: 1aaf3a8e7be2cb8bb350307243fe394f64dd9fe74d1104d95a1cfcef41cd9914
                              • Opcode Fuzzy Hash: fd012d61b2f28b5d77b37ccad74852abe15060a2d89c4d616568c497a6f116cb
                              • Instruction Fuzzy Hash: 4481467190CB494FE759FE38D8465E9BBE0FF99310F00497ED089C72A2DE25A8468782

                              Control-flow Graph (legend: Executed / Not Executed; API call shown: VirtualProtect)
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b7039c45a42dce972d3bfac95583aca15c91b6babbc803def6056bcdca370305
                              • Instruction ID: a3433e043ab6766952cc4ea2457cbf37d666ed12becf440395518c7a7be719bb
                              • Opcode Fuzzy Hash: b7039c45a42dce972d3bfac95583aca15c91b6babbc803def6056bcdca370305
                              • Instruction Fuzzy Hash: E25168B2A0DA288FD715BF7DD8451FABBE0EF59725F0442BED04DC3193EE24644286A1

                              Control-flow Graph (legend: Executed / Not Executed; API call shown: CreateProcessW)
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cde8dc15ea33b8baf0bcd709b762f2140068f9819bd5563b851b7c85166e02c0
                              • Instruction ID: d303918503b3d199c2ce524acd61780bd3913158285d77061da0906aeb1ec4e4
                              • Opcode Fuzzy Hash: cde8dc15ea33b8baf0bcd709b762f2140068f9819bd5563b851b7c85166e02c0
                              • Instruction Fuzzy Hash: 5551C37180CB4C8FDB99EF6CD4056A9BFE0EB99310F04466FE489D7291DB74A8458B81

                              Control-flow Graph (legend: Executed / Not Executed; API call shown: WriteProcessMemory)
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e9d46fc0064cfe54a80067c29e5968945d5d0cb2592c34a488d93703e57a8ac4
                              • Instruction ID: 6e093872aa2b820e734c92165d827cc04a55bcb8a440376c75ba43527db5b113
                              • Opcode Fuzzy Hash: e9d46fc0064cfe54a80067c29e5968945d5d0cb2592c34a488d93703e57a8ac4
                              • Instruction Fuzzy Hash: A451257290C6588FD714EF6CE8466E97BE0EF95321F0442BFE189C3192DE3578468791

                              Control-flow Graph (legend: Executed / Not Executed; API call shown: CreateProcessW)
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: fb485e0d7f1837af45d130e2b3052728bf80c777afda1ca8ec730d3da9430c72
                              • Instruction ID: 3c6e363237abc821d293fbb4c35234fb700819e0bbcecffc77869813629f1e5e
                              • Opcode Fuzzy Hash: fb485e0d7f1837af45d130e2b3052728bf80c777afda1ca8ec730d3da9430c72
                              • Instruction Fuzzy Hash: 0251C07180CB5C8FDB59EF5CD8046A9BBF1FB99320F04466FE489D3251DB74A8458B81

                              Control-flow Graph (legend: Executed / Not Executed; API call shown: WriteProcessMemory)
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 4a8e36d42788d8488e2e62a3a9c397585f250193fc62936a59b27bc2a0be0410
                              • Instruction ID: 2939cf548c2db5dd56e40c2a6cd7f7c4ec70740f52c040c54673829ecfc92918
                              • Opcode Fuzzy Hash: 4a8e36d42788d8488e2e62a3a9c397585f250193fc62936a59b27bc2a0be0410
                              • Instruction Fuzzy Hash: 7741E37190CB588FDB58EF58D8456E9BBE1FF99311F00826FE089D3252CB74A845CB82

                              Control-flow Graph (legend: Executed / Not Executed; API call shown: WriteProcessMemory)
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 02d069e9fa610ce5685e8d8dbe89f863b8508920cc286af2534aa4ebc8ed2904
                              • Instruction ID: f06391894fbf8d08b87b44ab13021b848ff91a7499b6ef889ad53fb311258cda
                              • Opcode Fuzzy Hash: 02d069e9fa610ce5685e8d8dbe89f863b8508920cc286af2534aa4ebc8ed2904
                              • Instruction Fuzzy Hash: A431077090CB888FDB19DF6CD8466F97FE1EB99311F04426FE089C3252CA749846C792
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 070151023975ac8fee7a6baf60a773fae5fd581e720f09f47e2610293825168b
                              • Instruction ID: 90f1c9bf4393a936131d0961122457be948d2be972c662d3e6f85050e7c5a725
                              • Opcode Fuzzy Hash: 070151023975ac8fee7a6baf60a773fae5fd581e720f09f47e2610293825168b
                              • Instruction Fuzzy Hash: 0F31C57190CA5C8FDB18EFACD8456F97BE1EB9A321F04426FD049D3192CB646846CB91
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 39b5a886b34e0dd17a85bb925ca85c220dcf17ffab7e795650a6698beffc6eeb
                              • Instruction ID: a34ba6590cab2e47fa32c7a674f6bf6e6d1fe7ff8b00dcb1dce838a91202fcfb
                              • Opcode Fuzzy Hash: 39b5a886b34e0dd17a85bb925ca85c220dcf17ffab7e795650a6698beffc6eeb
                              • Instruction Fuzzy Hash: 8331D43190CB5C8FDB18EFA8D8456F9BBF1EB99321F04426FD049C3192DB616856CB91
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: ContextThreadWow64
                              • String ID:
                              • API String ID: 983334009-0
                              • Opcode ID: c5000bfeb33c4f56693524686f4adcbd0714092abcffa2d1fe4c28877e653b96
                              • Instruction ID: 1e8c09bf99c152d2a8fc521d3b3106660ef3ce914bccb7d2a457eefabf9c6c2e
                              • Opcode Fuzzy Hash: c5000bfeb33c4f56693524686f4adcbd0714092abcffa2d1fe4c28877e653b96
                              • Instruction Fuzzy Hash: 5131027090C64C8FEB59EF68D8456F97FE1EB66321F0441AFD089C7192CA70A806CB91
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 1a5a65bd9b57534f9c1aa0293cd412ae9745efa19082f331916ca35cc787b964
                              • Instruction ID: f38781b389526698a27b4726ac7497d2a6b03a209e5349745ce19785e4f54ac1
                              • Opcode Fuzzy Hash: 1a5a65bd9b57534f9c1aa0293cd412ae9745efa19082f331916ca35cc787b964
                              • Instruction Fuzzy Hash: EA21C37090CA4C9FDB58EF68D8497E9BBE0FF55320F00826ED049D3152DB65A416CB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521812601.00007FFB4B370000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b370000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dd87a020f3fdebe83f7cf08d65572c102f71ef85f07e89e252b74750eeffa666
                              • Instruction ID: c6d1253702c887a7cde26c91b373163512d6ae55f6d1da05224e1c007a2c7d30
                              • Opcode Fuzzy Hash: dd87a020f3fdebe83f7cf08d65572c102f71ef85f07e89e252b74750eeffa666
                              • Instruction Fuzzy Hash: A041F97690CF8D4FDB56EF24C8955A87FF0FF55300B1581AAD089CB1A2DA25AC51C781
                              Memory Dump Source
                              • Source File: 00000000.00000002.1521420424.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ffb4b2a0000_rPO_CW00402902400429.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 54f23d37af8168ababb1e2d3019d2a602bf5a14d9bea9e4f278deae5576f2f29
                              • Instruction ID: 64ef21ca85841d8afcc7b3c5a37633868808e48095d9bffd989af39c404052cc
                              • Opcode Fuzzy Hash: 54f23d37af8168ababb1e2d3019d2a602bf5a14d9bea9e4f278deae5576f2f29
                              • Instruction Fuzzy Hash: B4F1237150CB4A4FE719EF34C4914B5BBE1FF95301B0486BEE49AC72A6EE24E846C781

                              Execution Graph

                              Execution Coverage:11.5%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:401
                              Total number of Limit Nodes:35
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4a079d28525b8730b471df26cc77f41c1d38ff658ed2350056c95ab0a7b378c0
                              • Instruction ID: a12fb389e47506c0e2231e380000db3c6a69ca7097bca6673f878d949bec4911
                              • Opcode Fuzzy Hash: 4a079d28525b8730b471df26cc77f41c1d38ff658ed2350056c95ab0a7b378c0
                              • Instruction Fuzzy Hash: 64232D31D10B198EDB51EF68C8806ADF7B1FF99300F55C79AE458A7211EB70AAC5CB81

                              Control-flow Graph

                              control_flow_graph 515: 8c49ad0-8c49b33 ... 8c49f98-8c49fc4 WaitMessage (node and edge list omitted)
                              Memory Dump Source
                              • Source File: 00000004.00000002.3912116505.0000000008C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_8c40000_CasPol.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              • Opcode ID: 81afa0ae8082f7a29a8fe020f4d5d365ab41f5d001f0d967020e25ae1ba76919
                              • Instruction ID: 12f7c35bbd0359a97c195d9ef3af7e32f7850bcfdecf4ad0d23737c83a8f9aad
                              • Opcode Fuzzy Hash: 81afa0ae8082f7a29a8fe020f4d5d365ab41f5d001f0d967020e25ae1ba76919
                              • Instruction Fuzzy Hash: 6FF16230A00319CFEB14DFA9C944B9EBBF1FF88315F159169D805AB365DB74A98ACB40

                              Control-flow Graph

                              control_flow_graph 628: 3149d94-3149e22 ... 3149f17-3149f43 GetActiveWindow (node and edge list omitted)
                              APIs
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: ActiveWindow
                              • String ID:
                              • API String ID: 2558294473-0
                              • Opcode ID: cada12f4bf413b0cda40c2c6b15dc1154259d35b6a2641ea8551f58650b81a80
                              • Instruction ID: 77e7f9d665eb077f27cfb7171da39f28085d918d43ee082cb5f14e81d5b4a415
                              • Opcode Fuzzy Hash: cada12f4bf413b0cda40c2c6b15dc1154259d35b6a2641ea8551f58650b81a80
                              • Instruction Fuzzy Hash: D1C16E70B103199FDB48EFB5D45576EBBA6AFC8300F158428E90AEB380DF799C418B65

                              Control-flow Graph

                              control_flow_graph 730: 69aaa30-69aaa56 ... 69aada8-69aadd3 GetModuleHandleW (node and edge list omitted)
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 069AADC6
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 15355dbc0472726de4638ae45fce61cae7afc7362de2de110edce61fbdfa4b01
                              • Instruction ID: f311a010cd393312f5ff4207511806e3b65d32bffc30874297e7a280ed41774f
                              • Opcode Fuzzy Hash: 15355dbc0472726de4638ae45fce61cae7afc7362de2de110edce61fbdfa4b01
                              • Instruction Fuzzy Hash: 01B1AF70A007068FDB55EF79C880A6EBBF6FF88210B108529D84ADB751EB74E905CBD4

                              Control-flow Graph

                              control_flow_graph 812: 69796b8-69796cb (node and edge list omitted)
                              Strings
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID: $
                              • API String ID: 0-3993045852
                              • Opcode ID: 10f45a6f6b63494318cd7770f63a9d270dba8c164c3d2362c9f9b1c0af7a0788
                              • Instruction ID: 5e187d8eedeca9145c66a66ccbe6f28a94d89f8f01ca6fbff1b6cb39e5fde2b0
                              • Opcode Fuzzy Hash: 10f45a6f6b63494318cd7770f63a9d270dba8c164c3d2362c9f9b1c0af7a0788
                              • Instruction Fuzzy Hash: 42E1D035F002159FDF64DFA4C4506AEBBBAFF89320F208569D819AB354DB31AD42CB91

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 934 69ab430-69ab444 935 69ab47e-69ab4f6 934->935 936 69ab446-69ab470 call 69a9e94 934->936 939 69ab4f8-69ab4fe 935->939 940 69ab501-69ab508 935->940 941 69ab475-69ab476 936->941 939->940 942 69ab50a-69ab510 940->942 943 69ab513-69ab5b2 CreateWindowExW 940->943 942->943 945 69ab5bb-69ab5f3 943->945 946 69ab5b4-69ab5ba 943->946 950 69ab600 945->950 951 69ab5f5-69ab5f8 945->951 946->945 952 69ab601 950->952 951->950 952->952
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 069AB5A2
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 135f02484d097af687fd2ea097d30913f63e7637b6e888a5dc1c42bd89aad475
                              • Instruction ID: 65d4ea0c90735bb710c2ac34ddbef8232d8f6fd373a40866b9098e413c407498
                              • Opcode Fuzzy Hash: 135f02484d097af687fd2ea097d30913f63e7637b6e888a5dc1c42bd89aad475
                              • Instruction Fuzzy Hash: 2E51FFB1C01349AFCF11CFA9C980ADEBFB6BF49310F24815AE818AB221D7759945CF90

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 953 69a4e78-69a4e93 954 69a4ebd-69a4edc call 69a426c 953->954 955 69a4e95-69a4ebc call 69a4260 953->955 961 69a4ede-69a4ee1 954->961 962 69a4ee2-69a4f41 954->962 969 69a4f43-69a4f46 962->969 970 69a4f47-69a4fd4 GlobalMemoryStatusEx 962->970 974 69a4fdd-69a5005 970->974 975 69a4fd6-69a4fdc 970->975 975->974
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 64a676789d137392e56a6c6f900f15df9d6cca6956a76cad7b7840a9cbec67e3
                              • Instruction ID: 07fcb29c6330c5800ac21c198984c0c804ee612ccf43d7ee7af3039e10779708
                              • Opcode Fuzzy Hash: 64a676789d137392e56a6c6f900f15df9d6cca6956a76cad7b7840a9cbec67e3
                              • Instruction Fuzzy Hash: 9F412431D053859FCB04DFBAD8406DEBBF5EF8A210F1585AAE404EB641DB749845CBE0

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 978 69ab490-69ab4f6 979 69ab4f8-69ab4fe 978->979 980 69ab501-69ab508 978->980 979->980 981 69ab50a-69ab510 980->981 982 69ab513-69ab54b 980->982 981->982 983 69ab553-69ab5b2 CreateWindowExW 982->983 984 69ab5bb-69ab5f3 983->984 985 69ab5b4-69ab5ba 983->985 989 69ab600 984->989 990 69ab5f5-69ab5f8 984->990 985->984 991 69ab601 989->991 990->989 991->991
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 069AB5A2
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 25b8e83ace96a3a2ffb63ff81f2ae6ab77908c749bfc7c7b625904902cfbb14a
                              • Instruction ID: 5f7f026c0086ee37c42d66c25cfece8a192665c0a02b43c8b5054a50a4f1ac48
                              • Opcode Fuzzy Hash: 25b8e83ace96a3a2ffb63ff81f2ae6ab77908c749bfc7c7b625904902cfbb14a
                              • Instruction Fuzzy Hash: 8D41AFB1D00309DFDB14CF9AC884ADEBBF5BF88314F64852AE819AB214D7759845CF90

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 992 69a9fd4-69ac5e4 995 69ac5ea-69ac5ef 992->995 996 69ac694-69ac6b4 call 69a9ebc 992->996 998 69ac642-69ac67a CallWindowProcW 995->998 999 69ac5f1-69ac628 995->999 1003 69ac6b7-69ac6c4 996->1003 1001 69ac67c-69ac682 998->1001 1002 69ac683-69ac692 998->1002 1005 69ac62a-69ac630 999->1005 1006 69ac631-69ac640 999->1006 1001->1002 1002->1003 1005->1006 1006->1003
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 069AC669
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: f090a310b513e118ea4a8407353cf7923aba2c4f63782a774135ff844926b281
                              • Instruction ID: d9f2483b06cba2d2da230e5e02b51afc4fdaa3fdd7dfe6a64207a04ea38e423c
                              • Opcode Fuzzy Hash: f090a310b513e118ea4a8407353cf7923aba2c4f63782a774135ff844926b281
                              • Instruction Fuzzy Hash: 8C413BB4900309CFDB54CF99C448BAABBF5FF88314F258859D519AB721D774A840CFA4

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1009 69ad1ec-69ad248 1011 69ad252-69ad290 OleGetClipboard 1009->1011 1012 69ad299-69ad2e7 1011->1012 1013 69ad292-69ad298 1011->1013 1018 69ad2e9-69ad2ed 1012->1018 1019 69ad2f7 1012->1019 1013->1012 1018->1019 1020 69ad2ef 1018->1020 1021 69ad2f8 1019->1021 1020->1019 1021->1021
                              APIs
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: Clipboard
                              • String ID:
                              • API String ID: 220874293-0
                              • Opcode ID: a49b0cd942a114dfcf8a1e3724b15c9d930f2893f58abfae20b20bf724a8ccc8
                              • Instruction ID: 1bbe382310188d0febfb9d1aa844dcbcb5311d2589c61d5dc1479583830f0651
                              • Opcode Fuzzy Hash: a49b0cd942a114dfcf8a1e3724b15c9d930f2893f58abfae20b20bf724a8ccc8
                              • Instruction Fuzzy Hash: 453101B0D01349DFDB14CF99C984BCEBBF5AF48714F248019E404AB690DB75A989CBA5

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1022 69acbec-69ad290 OleGetClipboard 1025 69ad299-69ad2e7 1022->1025 1026 69ad292-69ad298 1022->1026 1031 69ad2e9-69ad2ed 1025->1031 1032 69ad2f7 1025->1032 1026->1025 1031->1032 1033 69ad2ef 1031->1033 1034 69ad2f8 1032->1034 1033->1032 1034->1034
                              APIs
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: Clipboard
                              • String ID:
                              • API String ID: 220874293-0
                              • Opcode ID: 01f91716e540e7be8db19101c460d3996d0eaef57d2b1fdd886be342f0872baf
                              • Instruction ID: de123b0901db49642151b7cea0a8d93130424975720296a700a56bab7e34c034
                              • Opcode Fuzzy Hash: 01f91716e540e7be8db19101c460d3996d0eaef57d2b1fdd886be342f0872baf
                              • Instruction Fuzzy Hash: 463100B0D01308DFDB54DF99C984B9EBBF5AF48304F208019E804BB790DBB5A949CB95

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1035 314b04b 1036 314b050-314b0e4 DuplicateHandle 1035->1036 1037 314b0e6-314b0ec 1036->1037 1038 314b0ed-314b10a 1036->1038 1037->1038
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0314B0D7
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 42206384592901939a295d405f3a994bc33d005460cdef2b910ddb515e973366
                              • Instruction ID: fd99d412675d2bd9ddcb8cb294169159ad054ebec06fad24ea6a0038962462e8
                              • Opcode Fuzzy Hash: 42206384592901939a295d405f3a994bc33d005460cdef2b910ddb515e973366
                              • Instruction Fuzzy Hash: 7A21F5B59003099FDB10CFAAD984ADEFBF9FB48320F14841AE958A7350D378A944CF64

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1041 314b050-314b0e4 DuplicateHandle 1042 314b0e6-314b0ec 1041->1042 1043 314b0ed-314b10a 1041->1043 1042->1043
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0314B0D7
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: adeae8113d14fa9a398f5b7c90045e7157590188476d0bb4cf841f9330b2301f
                              • Instruction ID: 255c2733be12fb9cf803d30dc65be74810934583aee100924f7471b133ec067f
                              • Opcode Fuzzy Hash: adeae8113d14fa9a398f5b7c90045e7157590188476d0bb4cf841f9330b2301f
                              • Instruction Fuzzy Hash: 1C21F5B59003099FDB10CFAAD984ADEFBF9FB48320F14841AE954A7350D378A944CF64

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1046 314b98c-314cd72 1048 314cd74 1046->1048 1049 314cd7e-314cdae EnumThreadWindows 1046->1049 1052 314cd7c 1048->1052 1050 314cdb7-314cde4 1049->1050 1051 314cdb0-314cdb6 1049->1051 1051->1050 1052->1049
                              APIs
                              • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000E20,?,?,0314CD10,046760D8,03696200), ref: 0314CDA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: EnumThreadWindows
                              • String ID:
                              • API String ID: 2941952884-0
                              • Opcode ID: cfd07b80ea7ca84435bb7102cbdd4fb788b91d05d7fea6d60bae9cc3f1f1d8d2
                              • Instruction ID: adfbde969f160d963e4b27d8b3b1aadb2534b00f77c6fb0d8802302da624efef
                              • Opcode Fuzzy Hash: cfd07b80ea7ca84435bb7102cbdd4fb788b91d05d7fea6d60bae9cc3f1f1d8d2
                              • Instruction Fuzzy Hash: AF2127719002099FDB14DF9AC844BEEFBF9EB88320F14842AD854A7250D778A944CFA4
                              APIs
                              • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000E20,?,?,0314CD10,046760D8,03696200), ref: 0314CDA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: EnumThreadWindows
                              • String ID:
                              • API String ID: 2941952884-0
                              • Opcode ID: 5c6c33089a27c4a0195a1eedbfe4537a3595358e3e0e2c82aba0467b143e5b34
                              • Instruction ID: 082302f375d7197299a2f0e260d190dee4bb6a1517e290c18f79300902902f81
                              • Opcode Fuzzy Hash: 5c6c33089a27c4a0195a1eedbfe4537a3595358e3e0e2c82aba0467b143e5b34
                              • Instruction Fuzzy Hash: 9A2127719002099FDB14CF9AC844BEEFBF9FB88320F14842AD854A7250D778A944CFA4
                              APIs
                              • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 069AEEC3
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: HookWindows
                              • String ID:
                              • API String ID: 2559412058-0
                              • Opcode ID: 18eeb78f87235006f0327a8776cfb4a8afc6c13aed15e40a2bb24409ed25859c
                              • Instruction ID: 352cb83cc49c08bbf3f614e5e157b6aabfb1b2eda5effed769ab28c83594e487
                              • Opcode Fuzzy Hash: 18eeb78f87235006f0327a8776cfb4a8afc6c13aed15e40a2bb24409ed25859c
                              • Instruction Fuzzy Hash: 3D210475D0024A9FDB54DFAAD844BEEBBF5AF88320F20842AE419A7650C7746944CFA4
                              APIs
                              • MessageBoxW.USER32(?,00000000,00000000,?), ref: 0314D53D
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: Message
                              • String ID:
                              • API String ID: 2030045667-0
                              • Opcode ID: 20a2f6ab79f20144d959f808cec843a1bb355dc30fbd80243e2d67280edd46e4
                              • Instruction ID: 7ab44f8968e2d4da53077a4aafc63bdaa95d5c92e3f7110d9dd5eeb7dbf65047
                              • Opcode Fuzzy Hash: 20a2f6ab79f20144d959f808cec843a1bb355dc30fbd80243e2d67280edd46e4
                              • Instruction Fuzzy Hash: BE2102B68013099FCB10CF9AD884ADEFBF5FB48314F14842EE819AB600C775A544CFA4
                              APIs
                              • MessageBoxW.USER32(?,00000000,00000000,?), ref: 0314D53D
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: Message
                              • String ID:
                              • API String ID: 2030045667-0
                              • Opcode ID: dde59687753245235e183003e3b8138c5e89df759d7c92567e2d6bfba2368e65
                              • Instruction ID: fb65d22a379056e5cb6164f3e31e1d08270c95d1aac2df64fa117720d8bce821
                              • Opcode Fuzzy Hash: dde59687753245235e183003e3b8138c5e89df759d7c92567e2d6bfba2368e65
                              • Instruction Fuzzy Hash: BC21E3B68013499FDB14CF9AD884ADEFBF5FB48314F14852ED419AB200C775A544CFA4
                              APIs
                              • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 069AEEC3
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: HookWindows
                              • String ID:
                              • API String ID: 2559412058-0
                              • Opcode ID: ae207bd257d099195634fe05332596ab20669cd9cc4fca3258af9c1b98a4bef1
                              • Instruction ID: 4de6bc7691fa67c656773efa83e2bf7cfba4a330a3e4eadabb2d390c52ecda58
                              • Opcode Fuzzy Hash: ae207bd257d099195634fe05332596ab20669cd9cc4fca3258af9c1b98a4bef1
                              • Instruction Fuzzy Hash: 662124B1D002098FDB14DF9AC844BEEFBF9FB88320F20842AD419A7250C775A944CFA0
                              APIs
                              • GlobalMemoryStatusEx.KERNEL32 ref: 069A4FC7
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: GlobalMemoryStatus
                              • String ID:
                              • API String ID: 1890195054-0
                              • Opcode ID: 3829871f10b85113ed4c911665e1df9c05dce3e1ad149b124fb6a72622256ef8
                              • Instruction ID: e3955c6b7dae0fdadea88857d46d9dac44f5c42ce762deefddd80a6831939261
                              • Opcode Fuzzy Hash: 3829871f10b85113ed4c911665e1df9c05dce3e1ad149b124fb6a72622256ef8
                              • Instruction Fuzzy Hash: 021123B1C0065A9FCB10DF9AC844BDEFBF8BF48624F10812AD818A7640D378A944CFA5
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 069AADC6
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 81df064f993d42b107a138fd112958b5e6958648bbdd6d0ff014173378ac069c
                              • Instruction ID: dc39b448dc771e1aea3b1e128e6cc5b65ed9145401075b2f427577ba404d517f
                              • Opcode Fuzzy Hash: 81df064f993d42b107a138fd112958b5e6958648bbdd6d0ff014173378ac069c
                              • Instruction Fuzzy Hash: 6C11F0B5C013498FCB20DFAAD844ADEFBF9AF89220F10841AD859A7600D379A545CFA1
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,069AC8B5), ref: 069AC93F
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 64f109ac4ed723989440acf469b48dc5e111f8c5360a1fa73ea66289f38f86ae
                              • Instruction ID: 9a4e937d28bd180a3e3aa68615bbb36dec86f24aec15f55f401195fbaefe2750
                              • Opcode Fuzzy Hash: 64f109ac4ed723989440acf469b48dc5e111f8c5360a1fa73ea66289f38f86ae
                              • Instruction Fuzzy Hash: AA1125B08013499FCB20DF9AC944BDEFBF8AB49724F20841AE519A7640C7746544CFA5
                              APIs
                              • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,08C49DF7), ref: 08C4A89D
                              Memory Dump Source
                              • Source File: 00000004.00000002.3912116505.0000000008C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_8c40000_CasPol.jbxd
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              • Opcode ID: 56eb4eef6761f66836c604deddabd8c6781d6079df878f3080a3c5bef191fa9c
                              • Instruction ID: e476824e0a02a6c44d1b2f21fb5930e40b1124ee8ef1afd9ad6e4f7c4a8f450c
                              • Opcode Fuzzy Hash: 56eb4eef6761f66836c604deddabd8c6781d6079df878f3080a3c5bef191fa9c
                              • Instruction Fuzzy Hash: E31110B0C002498FCB20DF9AE444B9EBBF8EB48310F10842AE818A7640D378A545CFA5
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 0314BED5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              • Opcode ID: fbc0e6eb3c1c3228985a453b9e63b97ce1a6facb4cac1f0aa6de56ad538ca4d3
                              • Instruction ID: cde75db0f486e6faee564e4cde89b01a4ab30070fd3d681a57c807b32dc79faf
                              • Opcode Fuzzy Hash: fbc0e6eb3c1c3228985a453b9e63b97ce1a6facb4cac1f0aa6de56ad538ca4d3
                              • Instruction Fuzzy Hash: EE1118B58047498FCB24DF9AC444B9EFBF8EB48224F108419D659B7300D379A944CFA5
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,069AC8B5), ref: 069AC93F
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: e90800db71403ffb6851437e4303cdf779e8935cf865eaf9d9cbb09c40929c76
                              • Instruction ID: a1f2fab4088ad684f70dcfdc3fb3bc7b70f87f54e3c3fe8f542a393c6e7071a9
                              • Opcode Fuzzy Hash: e90800db71403ffb6851437e4303cdf779e8935cf865eaf9d9cbb09c40929c76
                              • Instruction Fuzzy Hash: 001103B5800349CFDB20DF9AC584B9EBBF8EB88324F20841AD519A7740D775A944CFA5
                              APIs
                              • OleInitialize.OLE32(00000000), ref: 0314BED5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905900986.0000000003140000.00000040.00000800.00020000.00000000.sdmp, Offset: 03140000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_3140000_CasPol.jbxd
                              Similarity
                              • API ID: Initialize
                              • String ID:
                              • API String ID: 2538663250-0
                              • Opcode ID: c7f95f6187ecf7be373d075bdebd19e9f0b087acee2fff90483d7b335205d056
                              • Instruction ID: b020ce8b46e7c961c5988109ffbc173d52263644548ad6606fe81a5095a988ab
                              • Opcode Fuzzy Hash: c7f95f6187ecf7be373d075bdebd19e9f0b087acee2fff90483d7b335205d056
                              • Instruction Fuzzy Hash: B11115B58003498FCB20DF9AD544BDEFBF8EB48324F208419D558A7200D379A544CFA5
                              APIs
                              • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,069AC8B5), ref: 069AC93F
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911631823.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_69a0000_CasPol.jbxd
                              Similarity
                              • API ID: CallbackDispatcherUser
                              • String ID:
                              • API String ID: 2492992576-0
                              • Opcode ID: 019711392c7637ef4da261aae146f607c0346c7a15f34810a27f6f2a7d233a74
                              • Instruction ID: 3a08d2d443da6a3c953bb924eb86bc52c1f245e090c5bb40f3e6591103d5bb4f
                              • Opcode Fuzzy Hash: 019711392c7637ef4da261aae146f607c0346c7a15f34810a27f6f2a7d233a74
                              • Instruction Fuzzy Hash: D9F024B3C08385CFEB519B99C8053DEBFF0EF85319F24848AC19A9BA61D3395109CB91
                              • Instruction Fuzzy Hash: DF319030B006068FDB99AB74D45866E7BA7BFC9650F248529C806EB345EF35DC02C795
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d4e601ead984f48661e882ec45b1cbf873a897bdd316b1c784a5d25e2c64753e
                              • Instruction ID: cb9ab4e64a704e20de0ba8bcadb24bf43ecf9b08a0f4a0e639391922b65686cd
                              • Opcode Fuzzy Hash: d4e601ead984f48661e882ec45b1cbf873a897bdd316b1c784a5d25e2c64753e
                              • Instruction Fuzzy Hash: E9319E35E147069FCB49CF65D85469EBBF6BF89300F208819E806E7B50DB71AC42CB50
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 80cd5e0f99ea2586fa94c150d16f98feab49fa6762d0ab7d97784a64bfdd770f
                              • Instruction ID: b7db06e5ec59d876557d0161638fc976a658f393c24ccd239aa70234634ae7d5
                              • Opcode Fuzzy Hash: 80cd5e0f99ea2586fa94c150d16f98feab49fa6762d0ab7d97784a64bfdd770f
                              • Instruction Fuzzy Hash: F12102357006104FDB55E6B8D414B6EBBDAEBC9710F20806AE50ACF385EE66DD4283E9
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1319df2c549d8c1f655dbeff1b2084306747a8bdc4ea6e765fb12dd1abbb6c46
                              • Instruction ID: e7a67b92c717a9b73f4cfe230ff955c396e4ff462e86257e3ea1b0906a230e4a
                              • Opcode Fuzzy Hash: 1319df2c549d8c1f655dbeff1b2084306747a8bdc4ea6e765fb12dd1abbb6c46
                              • Instruction Fuzzy Hash: 3D316370A003158FDF55DF68D880AAEBBF1FB85310F104669D906EB761EB35AD0ACB91
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 63c83654f2b81cd8c2067e7a7032a9eb822e7916844f97e5c6a3816d3ff4eaed
                              • Instruction ID: 7b53c2c297a00eba72c41ad019f51f62084486bc025d3d6347141ea0fb6d0371
                              • Opcode Fuzzy Hash: 63c83654f2b81cd8c2067e7a7032a9eb822e7916844f97e5c6a3816d3ff4eaed
                              • Instruction Fuzzy Hash: 90315C70A002158FDF55EF68D880AAEB7F5FB89310F104629D906EB361EB35AD06CB91
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d9be0b0b0397fd7429d455ac926a45948d990e5842abf98750f4975f93b938c9
                              • Instruction ID: 56edbcbdbb26a7b1543aed4bf93976beb7a5983343c1b581c81d66d1cfd97b71
                              • Opcode Fuzzy Hash: d9be0b0b0397fd7429d455ac926a45948d990e5842abf98750f4975f93b938c9
                              • Instruction Fuzzy Hash: 05418F34A0070ADFCB15DFA9C48469EBBF1FF89310F15865ED5496B361EB70A985CB80
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6331e17c9164f591009f7b6c0550cf06bf76c96ae3bdad001eb4be96fb36c470
                              • Instruction ID: 98847c6d04c5a55a025a860f9d97b8ef8fde27cfb42d645fd6c81750c7ba0091
                              • Opcode Fuzzy Hash: 6331e17c9164f591009f7b6c0550cf06bf76c96ae3bdad001eb4be96fb36c470
                              • Instruction Fuzzy Hash: 2931F1B0D05208DFDB24DFAAC488B9EBBF5FB88710F20841EE545AB390C775A945CB65
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3e90bbc66ac74a0f2e83dad41c6c9b586644866253e28a6f59220fbccd99eece
                              • Instruction ID: 1fa3fa0f1ade46e17f99596bcc029dc888f89d6797bc64d89def8886afbaf3a2
                              • Opcode Fuzzy Hash: 3e90bbc66ac74a0f2e83dad41c6c9b586644866253e28a6f59220fbccd99eece
                              • Instruction Fuzzy Hash: 15312B31E1071A9BDB59CFA5D85469EB7B6AF89300F208529E806E7B50DB71AC42CB50
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 38f13074d3ec682d69fa44f69d2662c31d53933b3b83cddd4e66bb61f37ff88c
                              • Instruction ID: 257a148502bbe7ae3a48bd33b0b4ae8924042efbe636405ee9311d798e5bb05b
                              • Opcode Fuzzy Hash: 38f13074d3ec682d69fa44f69d2662c31d53933b3b83cddd4e66bb61f37ff88c
                              • Instruction Fuzzy Hash: DB213836F010189FDB949AB9DC106FE77AEDBC8220F104035D405EB344EA25DD0287E0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 50f9604b1d74f72e229c3d04f247f57f736e293a9905d172b2cbf92f79d961ce
                              • Instruction ID: a0be3b97aa302d27d6da7de7c40a7d5c71761d00961ac5be060066569c1d9ae5
                              • Opcode Fuzzy Hash: 50f9604b1d74f72e229c3d04f247f57f736e293a9905d172b2cbf92f79d961ce
                              • Instruction Fuzzy Hash: 252128B0D4424AAFDB50DFA9D819AAEBFF5FB08604F1488AAD515E7312D7708205CB91
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6c9c41f29a66f6450bdebff301b8754ed9b0fb32a606d2c89161bd01670fa9a6
                              • Instruction ID: 4de19c2fb2e3a1c3a566db1b6b58b229431023535bcc73a5a5d9d6398a3b21c7
                              • Opcode Fuzzy Hash: 6c9c41f29a66f6450bdebff301b8754ed9b0fb32a606d2c89161bd01670fa9a6
                              • Instruction Fuzzy Hash: 9011D236B012101BEB55EA7EA80069FBBABDFC4521714802FE509C73A6DE349D0287A0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3418fa37cad8886bc07079ea39598318c592e1e04ffeeedbcc69ae06911b3748
                              • Instruction ID: ac27baba605dbc9f16545c769ecb78c7487486d3e5fa2f0e388a3f48e5976956
                              • Opcode Fuzzy Hash: 3418fa37cad8886bc07079ea39598318c592e1e04ffeeedbcc69ae06911b3748
                              • Instruction Fuzzy Hash: 3A21F371B00209AFEB248F65CD98B6BBBB9FBC5724F24443AE405D7680C6318C01CBC0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: de2bda1ed54b612471518d5500b58f3ad03a35f63d925028cd3e92648d4b343c
                              • Instruction ID: 7c226899579dba37b9dd7fef7a61da8f62863461d45e776f0be649980d34fda6
                              • Opcode Fuzzy Hash: de2bda1ed54b612471518d5500b58f3ad03a35f63d925028cd3e92648d4b343c
                              • Instruction Fuzzy Hash: 75218E75F012159FEB54DFA9D840AAEB7F5FB88220F108025E915EB340E735DD40CB91
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905678327.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_308d000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1dc16fade88dad55ff6676527e0768bcfb6076f72fd96c83730ee7e66c70734b
                              • Instruction ID: 19d50043ecffd262c2d9a0995767c69b6831504da1aa82ede26a642a5a328494
                              • Opcode Fuzzy Hash: 1dc16fade88dad55ff6676527e0768bcfb6076f72fd96c83730ee7e66c70734b
                              • Instruction Fuzzy Hash: F021F575605304EFDB04EF10D5C4B16FBA5FB84328F24CAAED8894B696C37AD446CA61
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905678327.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_308d000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: efd6f368edde207a052681e554c2e0ea826805248f9ca0e105a26f9abc29d979
                              • Instruction ID: 9c7690e374b58fa4ece6106d6bd5e2705121b318bc0767871a8432782c3d2437
                              • Opcode Fuzzy Hash: efd6f368edde207a052681e554c2e0ea826805248f9ca0e105a26f9abc29d979
                              • Instruction Fuzzy Hash: 812138B1605344DFDB04EF14E9C4B2ABBA5FB84324F24C66DD8894B386C33AD406CA62
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905678327.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_308d000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: df14bb517905ecc1640bc7223f77a48b9bf533304ebade25ddef0541fe746150
                              • Instruction ID: 0f6c569ed90edb6f13234179d34dca897e007d9018189bf23f261028fe57cc64
                              • Opcode Fuzzy Hash: df14bb517905ecc1640bc7223f77a48b9bf533304ebade25ddef0541fe746150
                              • Instruction Fuzzy Hash: 5E21D375605304EFDF04EF18D984B16BBA6FF84714F24CAA9D8894B296C336D446CA61
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7d39314274c550115b29c1ae31069888c7ac2b40fc757e628280c53709632210
                              • Instruction ID: 706219b36730e48e0cb89e0487b9c10e6a357c7efac5a867e0e61a25d6754b8f
                              • Opcode Fuzzy Hash: 7d39314274c550115b29c1ae31069888c7ac2b40fc757e628280c53709632210
                              • Instruction Fuzzy Hash: 692100B0D01208DFDB24CF99C948B9EBBF5BB88714F24810AE504AB3A0C7B49945CB61
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fa8aa5bdb83ab1d32862b4b6c26c152ce3168c46c528d3a75690800ed374da2e
                              • Instruction ID: 48dd49a179086a156043a1876f45be94d43cbd3238a911f526e4d8ee501c817e
                              • Opcode Fuzzy Hash: fa8aa5bdb83ab1d32862b4b6c26c152ce3168c46c528d3a75690800ed374da2e
                              • Instruction Fuzzy Hash: 8A31BFB0D01218DFDB24DF9AC588B8EBBF5BB88714F24841AE504AB350C7B5A945CFA5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 373c3f6cd6972c9aec9d81ce62c205ba963f6959ea0bbea77dce5647fdc34ec8
                              • Instruction ID: 61eb2d193e6dfefb1926dd975899033a4a3f91de7bc595c1caf458cfc63452f3
                              • Opcode Fuzzy Hash: 373c3f6cd6972c9aec9d81ce62c205ba963f6959ea0bbea77dce5647fdc34ec8
                              • Instruction Fuzzy Hash: 4B118431B111298FDF98AAB9D8146AE77EAEBC8710F104539D506EB344EE65DC028BD1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5206abfacc0fdf0f39379b66285024995d90fb51707603f38feb7cffbeb0f884
                              • Instruction ID: e2b83357334c34df43515a59bbdaf744a5355b404e8c278d88c640f8b3be9104
                              • Opcode Fuzzy Hash: 5206abfacc0fdf0f39379b66285024995d90fb51707603f38feb7cffbeb0f884
                              • Instruction Fuzzy Hash: 6021E0B5D01259AFCB10CF9AD884ACEFFF8FB48210F10812AE918A7240D374A554CFA5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8b9aff4947b4893c1b46987ef0c963086c299d19ec4779085cfd43f30d4d171a
                              • Instruction ID: b9198c0aa5adfdd63ca16f91494ae7e9c1a78806908940e4fceb583503f92179
                              • Opcode Fuzzy Hash: 8b9aff4947b4893c1b46987ef0c963086c299d19ec4779085cfd43f30d4d171a
                              • Instruction Fuzzy Hash: 9D014730B112100FDB91D67CD810B1B7BEDEB8A610F1049B9F50ECB790DD1ADE418380
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905678327.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_308d000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                              • Instruction ID: fa031ed14395682461f31144ec968100bc44b1f9955934d1e3f3b119734e3c42
                              • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                              • Instruction Fuzzy Hash: 2711BB79504280EFCB01DF14D9D0B15FFA2FB84324F28C6AAD8894B696C33AD44ACB61
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905678327.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_308d000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                              • Instruction ID: d37b917fbb06f607fe380b2495251ca27a042c464c889861ec064cab04c0b8c4
                              • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                              • Instruction Fuzzy Hash: 8A11BE75505240CFCB05DF10D5C4B15FBA2FB84318F28C6AED8494B296C33AD44ACB51
                              Memory Dump Source
                              • Source File: 00000004.00000002.3905678327.000000000308D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0308D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_308d000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 862c65023cd92449f428095a58a3181619df817727a273a2fecd008dac0e22f8
                              • Instruction ID: 48b6529e453b2e8e12361ef5a717a3d4939f29868bf7f01a1600df8231258a2c
                              • Opcode Fuzzy Hash: 862c65023cd92449f428095a58a3181619df817727a273a2fecd008dac0e22f8
                              • Instruction Fuzzy Hash: BE11C4B6505284DFCB11DF14E5C4B19FFB1FB84324F28C6AAD8894B696C33AD406CBA1
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7a20483a89333951ec6a30fb9f943f3b7b276ea3c96d34b6c8a6314fab6d0b38
                              • Instruction ID: b462afd637969b9c4aea1b30de658fdbfe3164784ee97597dbe89ba2d850a78a
                              • Opcode Fuzzy Hash: 7a20483a89333951ec6a30fb9f943f3b7b276ea3c96d34b6c8a6314fab6d0b38
                              • Instruction Fuzzy Hash: 4611E2B1D01219AFCB00DF9AD884ACEFBF8FB48310F10812AE918A7340D374A954CFA5
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c459fe4402b6c6bfb389a7041289692ab33415c44b1fabf425dc5ea0bbd14529
                              • Instruction ID: 44c72fcd81f4bdd44a8bbc28c3acab91ec79e42c08717566d94d39138534b1ee
                              • Opcode Fuzzy Hash: c459fe4402b6c6bfb389a7041289692ab33415c44b1fabf425dc5ea0bbd14529
                              • Instruction Fuzzy Hash: E8016D31B101205BDBA495BDD854B3BB7DEEBCA714F20883AE50ECB748ED66DC424395
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4ac5df1eb87cbe1f6bd5936c7da9ee1beb7951d81659de8152389657d4947c93
                              • Instruction ID: bf0e0fe751d0470d117c7734fa17fc7c219b8e0f081240c0b78c54462aca40c3
                              • Opcode Fuzzy Hash: 4ac5df1eb87cbe1f6bd5936c7da9ee1beb7951d81659de8152389657d4947c93
                              • Instruction Fuzzy Hash: 9801A430B101144FDB94E67DD455B1B77EAEBC5A14F205878E60ECB750EE26ED414780
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c7586e442fe45daa772221abfcf61bb0a5b6155a283767c2e113067ec3be23c8
                              • Instruction ID: a8a18dd65aa9056f09a4924903752da052cd0e8bb2f486453dfde701dea68fe5
                              • Opcode Fuzzy Hash: c7586e442fe45daa772221abfcf61bb0a5b6155a283767c2e113067ec3be23c8
                              • Instruction Fuzzy Hash: 4311E3B58003498FDB20DF9AD544BDEFBF4AB88320F20841AD559A7350C374A944CFA4
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a0a616a2c28947cb3aa26964bbc93ff7d48bbaf469a49cf12ea32ff2bec52d4d
                              • Instruction ID: c2e52b2cef8b2e0fb0c9673ac097306859bd68db455847e89365c213a3ce2d09
                              • Opcode Fuzzy Hash: a0a616a2c28947cb3aa26964bbc93ff7d48bbaf469a49cf12ea32ff2bec52d4d
                              • Instruction Fuzzy Hash: 44017134D1020ADBDB44DF64C954AEFBBF6EF88244F144469E901B7362EB355D46CBA0
                              Memory Dump Source
                              • Source File: 00000004.00000002.3904810287.00000000014F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_14f0000_CasPol.jbxd
                              Memory Dump Source
                              • Source File: 00000004.00000002.3911584106.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_4_2_6970000_CasPol.jbxd